Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-33919
Publication date:
03/05/2024
Missing Authorization vulnerability in Rometheme RomethemeKit For Elementor.This issue affects RomethemeKit For Elementor: from n/a through 1.4.1.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2024-33920
Publication date:
03/05/2024
Missing Authorization vulnerability in Kama Democracy Poll.This issue affects Democracy Poll: from n/a through 6.0.3.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-35701
Publication date:
03/05/2024
Improper Control of Generation of Code (&amp;#39;Code Injection&amp;#39;) vulnerability in Apache Hive.<br /> <br /> The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The malicious user must have sufficient permissions to specify/edit JDBC URL(s) in an endpoint relying on the Hive JDBC driver and the JDBC client process must run under a privileged user to fully exploit the vulnerability. <br /> <br /> The attacker can setup a malicious HTTP server and specify a JDBC URL pointing towards this server. When a JDBC connection is attempted, the malicious HTTP server can provide a special response with customized payload that can trigger the execution of certain commands in the JDBC client.This issue affects Apache Hive: from 4.0.0-alpha-1 before 4.0.0.<br /> <br /> Users are recommended to upgrade to version 4.0.0, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2025

CVE-2024-23912
Publication date:
03/05/2024
Out-of-bounds Read vulnerability in Merge DICOM Toolkit C/C++ on Windows.<br /> <br /> When MC_Open_File() function is used to read a malformed DICOM data, it might result in over-reading memory buffer and could cause memory access violation.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-23913
Publication date:
03/05/2024
Use of Out-of-range Pointer Offset vulnerability in Merge DICOM Toolkit C/C++ on Windows.<br /> <br /> When deprecated MC_XML_To_Message() function is used to read a malformed DICOM XML file, it might result in memory access violation.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-33918
Publication date:
03/05/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Maxim K AJAX Login and Registration modal popup + inline form allows Stored XSS.This issue affects AJAX Login and Registration modal popup + inline form: from n/a through 2.23.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2024-33924
Publication date:
03/05/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Realtyna Realtyna Organic IDX plugin allows Reflected XSS.This issue affects Realtyna Organic IDX plugin: from n/a through 4.14.4.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2024-33926
Publication date:
03/05/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Karl Kiesinger GWP-Histats allows Stored XSS.This issue affects GWP-Histats: from n/a through 1.0.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2024-33927
Publication date:
03/05/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Team GIPHY Giphypress allows Stored XSS.This issue affects Giphypress: from n/a through 1.6.2.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2024-33941
Publication date:
03/05/2024
Missing Authorization vulnerability in Avirtum iPanorama 360 WordPress Virtual Tour Builder.This issue affects iPanorama 360 WordPress Virtual Tour Builder: from n/a through 1.8.1.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2024-32831
Publication date:
03/05/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Lorna Timbah (webgrrrl) Accessibility Widget allows Stored XSS.This issue affects Accessibility Widget: from n/a through 2.2.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2024-33916
Publication date:
03/05/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in MachoThemes CPO Companion allows Stored XSS.This issue affects CPO Companion: from n/a through 1.1.0.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026
Subscribe to Vulnerabilities