Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used in order to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-8646

Publication date:
11/09/2024
In Eclipse GlassFish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by CVE-2023-41080 in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/').
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2024

CVE-2024-7805

Publication date:
11/09/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2024-27114

Publication date:
11/09/2024
An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP file that will be available for execution for a few milliseconds before it is removed, leading to execution of code on the underlying system. The vulnerability has been remediated in version 1.52.02.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2024

CVE-2024-27115

Publication date:
11/09/2024
An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before any requirements are verified. This leads to the possibility of code execution on the underlying system when the file is triggered. The vulnerability has been remediated in version 1.52.02.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2024

CVE-2024-8636

Publication date:
11/09/2024
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2024-8637

Publication date:
11/09/2024
Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2024-27112

Publication date:
11/09/2024
An unauthenticated SQL injection vulnerability has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in version 1.52.02.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2024

CVE-2024-27113

Publication date:
11/09/2024
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by exporting it as a CSV file. The vulnerability has been remediated in version 1.52.02.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2024

CVE-2024-45790

Publication date:
11/09/2024
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions on excessive failed authentication attempts on its API-based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user passwords, which could lead to unauthorized access and the compromise of other user accounts.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2024

CVE-2024-6091

Publication date:
11/09/2024
A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker can circumvent this restriction by executing commands with a modified path, such as '/bin/./whoami', which is not recognized by the denylist.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2025

CVE-2024-45787

Publication date:
11/09/2024
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter in the API request URL and intercepting the response of the API request, leading to exposure of sensitive information belonging to other users.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2024

CVE-2024-45788

Publication date:
11/09/2024
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through the vulnerable API endpoints, which could lead to OTP bombing/flooding on the targeted system.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2024