Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), by virtue of a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-46076

Publication date: 26/10/2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao WooCommerce PDF Invoice Builder, Create invoices, packing slips and more plugin
Severity CVSS v4.0: Pending analysis
Last modification: 30/10/2023

CVE-2023-30492

Publication date: 26/10/2023
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Vark Minimum Purchase for WooCommerce plugin
Severity CVSS v4.0: Pending analysis
Last modification: 30/10/2023

CVE-2023-46072

Publication date: 26/10/2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin
Severity CVSS v4.0: Pending analysis
Last modification: 06/11/2023

CVE-2023-46074

Publication date: 26/10/2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Borbis Media FreshMail For WordPress plugin
Severity CVSS v4.0: Pending analysis
Last modification: 30/10/2023

CVE-2023-5802

Publication date: 26/10/2023
Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin – WP Knowledgebase plugin
Severity CVSS v4.0: Pending analysis
Last modification: 30/10/2023

CVE-2023-5798

Publication date: 26/10/2023
The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF attacks
Severity CVSS v4.0: Pending analysis
Last modification: 23/04/2025

CVE-2023-46754

Publication date: 26/10/2023
The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2023-5139

Publication date: 26/10/2023
Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver
Severity CVSS v4.0: Pending analysis
Last modification: 21/01/2024

CVE-2023-46752

Publication date: 26/10/2023
An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash.
Severity CVSS v4.0: Pending analysis
Last modification: 04/11/2025

CVE-2023-46753

Publication date: 26/10/2023
An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.
Severity CVSS v4.0: Pending analysis
Last modification: 04/11/2025

CVE-2023-31421

Publication date: 26/10/2023
It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however, certificate signature validation is still performed. More specifically, when the client is configured to connect to an IP address (instead of a hostname) it does not validate the server certificate's IP SAN values against that IP address and certificate validation fails, and therefore the connection is not blocked as expected.
Severity CVSS v4.0: Pending analysis
Last modification: 15/02/2024

CVE-2023-31422

Publication date: 26/10/2023
An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1 which resolves this issue. The error object recorded in the log contains request information, which can include sensitive data, such as authentication credentials, cookies, authorization headers, query params, request paths, and other metadata. Some examples of sensitive data which can be included in the logs are account credentials for kibana_system, kibana-metricbeat, or Kibana end-users.
Severity CVSS v4.0: Pending analysis
Last modification: 03/11/2023