Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-51482

Publication date:
25/04/2024
Improper Authentication vulnerability in EazyPlugins Eazy Plugin Manager allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Eazy Plugin Manager: from n/a through 4.1.2.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2024-4173

Publication date:
25/04/2024
A vulnerability in Brocade SANnav exposes Kafka in the wan interface.

The vulnerability could allow an unauthenticated attacker to perform various attacks, including DOS against the Brocade SANnav.
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2025

CVE-2024-3988

Publication date:
25/04/2024
The Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2026

CVE-2024-3893

Publication date:
25/04/2024
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the rtcl_fb_gallery_image_delete AJAX action in all versions up to, and including, 3.0.10.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary attachments.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2026

CVE-2024-3929

Publication date:
25/04/2024
The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Widget Post Overlay block in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2023-51478

Publication date:
25/04/2024
Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation. This issue affects Build App Online: from n/a through 1.0.19.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-6237

Publication date:
25/04/2024
Issue summary: Checking excessively long invalid RSA public keys may take a long time.

Impact summary: Applications that use the function EVP_PKEY_public_check() to check RSA public keys may experience long delays. Where the key that is being checked has been obtained from an untrusted source this may lead to a Denial of Service.

When function EVP_PKEY_public_check() is called on RSA public keys, a computation is done to confirm that the RSA modulus, n, is composite. For valid RSA keys, n is a product of two or more large primes and this computation completes quickly. However, if n is an overly large prime, then this computation would take a long time.

An application that calls EVP_PKEY_public_check() and supplies an RSA key obtained from an untrusted source could be vulnerable to a Denial of Service attack.

The function EVP_PKEY_public_check() is not called from other OpenSSL functions however it is called from the OpenSSL pkey command line application. For that reason that application is also vulnerable if used with the '-pubin' and '-check' options on untrusted data.

The OpenSSL SSL/TLS implementation is not affected by this issue.

The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026

CVE-2024-4161

Publication date:
25/04/2024
In Brocade SANnav, before Brocade SANnav v2.3.0, syslog traffic was received in clear text. This could allow an unauthenticated, remote attacker to capture sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2025

CVE-2024-4159

Publication date:
25/04/2024
Brocade SANnav before v2.3.0a lacks protection mechanisms on port 2377/TCP and 7946/TCP, which could allow an unauthenticated attacker to sniff the SANnav Docker information.
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2025

CVE-2024-2907

Publication date:
25/04/2024
The AGCA WordPress plugin before 7.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2025

CVE-2024-26924

Publication date:
25/04/2024
In the Linux kernel, the following vulnerability has been resolved:

netfilter: nft_set_pipapo: do not free live element

Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo:

add_elem("00000000") timeout 100 ms
...
add_elem("0000000X") timeout 100 ms
del_elem("0000000X")
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-26926

Publication date:
25/04/2024
In the Linux kernel, the following vulnerability has been resolved:

binder: check offset alignment in binder_get_object()

Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy_from_buffer() -> check_buffer().

These calls were replaced in binder_get_object() with copy_from_user(), so now an explicit offset alignment check is needed here. This avoids later complications when unwinding the objects gets harder.

It is worth noting this check existed prior to commit 7a67a39320df ("binder: add function to copy binder object from buffer"), likely removed due to redundancy at the time.
Severity CVSS v4.0: Pending analysis
Last modification:
23/12/2025