Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are available, with criteria such as vulnerability type, manufacturer and impact level, among others, to narrow down the results.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-22272

Publication date:
27/06/2024
VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own organization's scope.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2024

CVE-2024-22276

Publication date:
27/06/2024
VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information vulnerability. A malicious actor with adjacent access to web/proxy server logging may be able to obtain sensitive information from URLs that are logged.
Severity CVSS v4.0: Pending analysis
Last modification:
31/10/2024

CVE-2024-6127

Publication date:
27/06/2024
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution. A remote, unauthenticated attacker can exploit this vulnerability over HTTP by acting as a normal agent, completing all cryptographic handshakes, and then triggering an upload of payload data containing a malicious path.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2025

CVE-2024-38523

Publication date:
27/06/2024
Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The TOTP authentication flow has multiple issues that weaken its one-time nature. Specifically, the lack of 2FA for changing security settings allows an attacker with CSRF or XSS primitives to change such settings without user interaction and credentials are required. This vulnerability has been patched in version 0.10.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2024

CVE-2024-39129

Publication date:
27/06/2024
Heap Buffer Overflow vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function PushTSBuf() at /src/PayloadBuf.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2024-39130

Publication date:
27/06/2024
A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function DumpOneStream() at /src/DumpStream.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2024-39133

Publication date:
27/06/2024
Heap Buffer Overflow vulnerability in zziplib v0.13.77 allows attackers to cause a denial of service via the __zzip_parse_root_directory() function at /zzip/zip.c.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2025

CVE-2024-39207

Publication date:
27/06/2024
lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function.
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2024

CVE-2024-39208

Publication date:
27/06/2024
luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2024-31802

Publication date:
27/06/2024
DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2024

CVE-2024-6139

Publication date:
27/06/2024
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in the `tts_to_file` endpoint.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2024

CVE-2024-6250

Publication date:
27/06/2024
An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of `lollms_advanced.py`. The `sanitize_path` function with `allow_absolute_path=True` allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can be exploited to read any file and list arbitrary directories on the affected system.
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2025