Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-46006
Publication date:
18/10/2023
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2023-46007
Publication date:
18/10/2023
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2023-31217
Publication date:
18/10/2023
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in MyTechTalky User Location and IP plugin
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2023-45065
Publication date:
18/10/2023
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit plugin
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2023-32088
Publication date:
18/10/2023
<br /> Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation<br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2023-32089
Publication date:
18/10/2023
<br /> Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description<br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2023-32087
Publication date:
18/10/2023
<br /> Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation<br /> <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2023-45727
Publication date:
18/10/2023
Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to conduct XML External Entity (XXE) attacks. By processing a specially crafted request containing malformed XML data, arbitrary files on the server containing account information may be read by the attacker.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2025

CVE-2023-5632
Publication date:
18/10/2023
In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. This could be used by a malicious actor to perform denial of service type attack. This issue is fixed in 2.0.6<br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
25/06/2025

CVE-2023-45056
Publication date:
18/10/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 100plugins Open User Map plugin
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2023-45057
Publication date:
18/10/2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hitsteps Web Analytics plugin
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2023-45059
Publication date:
18/10/2023
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gumroad plugin
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023
Subscribe to Vulnerabilities