Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-39301

Publication date:
03/11/2023
A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.1.2491 build 20230815 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.1.2488 build 20230812 and later
QuTScloud c5.1.0.2498 and later
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2023-46404

Publication date:
03/11/2023
PCRS
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2023-46980

Publication date:
03/11/2023
An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2022-46818

Publication date:
03/11/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection. This issue affects Email posts to subscribers: from n/a through 6.2.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2023-5946

Publication date:
03/11/2023
The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2023

CVE-2023-5088

Publication date:
03/11/2023
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2022-45805

Publication date:
03/11/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection. This issue affects Paytm Payment Gateway: from n/a through 2.7.3.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2022-46808

Publication date:
03/11/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection. This issue affects ARMember: from n/a through 3.4.11.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2022-46859

Publication date:
03/11/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection. This issue affects Spiffy Calendar: from n/a through 4.9.1.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2022-47426

Publication date:
03/11/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection. This issue affects Neshan Maps: from n/a through 1.1.4.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2022-47445

Publication date:
03/11/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection. This issue affects Be POPIA Compliant: from n/a through 1.2.0.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2023-25960

Publication date:
03/11/2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop – Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection. This issue affects Zendrop – Global Dropshipping: from n/a through 1.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
13/11/2023