Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-6595
Publication date:
14/12/2023
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024

CVE-2023-6365
Publication date:
14/12/2023
<br /> In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a device group.  <br /> <br /> If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2023

CVE-2023-6366
Publication date:
14/12/2023
<br /> In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Alert Center.  <br /> <br /> If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2023

CVE-2023-6367
Publication date:
14/12/2023
<br /> In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Roles.  <br /> <br /> If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2023

CVE-2023-50100
Publication date:
14/12/2023
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2023

CVE-2023-50101
Publication date:
14/12/2023
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2023

CVE-2023-50102
Publication date:
14/12/2023
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS).
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2023

CVE-2023-50137
Publication date:
14/12/2023
JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2023

CVE-2023-6364
Publication date:
14/12/2023
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified.  It is possible for an attacker to craft a XSS payload and store that value within a dashboard component.  <br /> <br /> If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2023

CVE-2023-49813
Publication date:
14/12/2023
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus allows Stored XSS.This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-49820
Publication date:
14/12/2023
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.5.3.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026

CVE-2023-49841
Publication date:
14/12/2023
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in FancyThemes Optin Forms – Simple List Building Plugin for WordPress allows Stored XSS.This issue affects Optin Forms – Simple List Building Plugin for WordPress: from n/a through 1.3.3.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2026
Subscribe to Vulnerabilities