Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, of all the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches can be narrowed by selecting criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. The list below, updated daily, shows the latest vulnerabilities.

CVE-2024-46292

Publication date:
09/10/2024
A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's documentation indicates that it is not guaranteed to be usable with very large values of SecRequestBodyNoFilesLimit (which are required by the claimed issue).
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2025

CVE-2024-25825

Publication date:
09/10/2024
FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-46304

Publication date:
09/10/2024
A NULL pointer dereference in libcoap v4.3.5-rc2 and below allows a remote attacker to cause a denial of service via the coap_handle_request_put_block function in src/coap_block.c.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-8015

Publication date:
09/10/2024
In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2024

CVE-2024-9671

Publication date:
09/10/2024
A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.
Severity CVSS v4.0: Pending analysis
Last modification:
04/12/2024

CVE-2024-9675

Publication date:
09/10/2024
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
Severity CVSS v4.0: Pending analysis
Last modification:
25/08/2025

CVE-2024-8048

Publication date:
09/10/2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-7293

Publication date:
09/10/2024
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2024

CVE-2024-7294

Publication date:
09/10/2024
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2024

CVE-2024-7840

Publication date:
09/10/2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-8014

Publication date:
09/10/2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-47661

Publication date:
09/10/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Avoid overflow from uint32_t to uint8_t

[WHAT & HOW]
dmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned 0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.

This fixes 2 INTEGER_OVERFLOW issues reported by Coverity.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2024