Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-13164

Publication date:
14/01/2025
An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2025

CVE-2024-13165

Publication date:
14/01/2025
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2025

CVE-2024-13166

Publication date:
14/01/2025
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2025

CVE-2024-13167

Publication date:
14/01/2025
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2025

CVE-2024-13158

Publication date:
14/01/2025
An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
12/08/2025

CVE-2024-13159

Publication date:
14/01/2025
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2025

CVE-2024-13160

Publication date:
14/01/2025
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2025

CVE-2024-13161

Publication date:
14/01/2025
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2025

CVE-2024-13162

Publication date:
14/01/2025
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848.
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2025

CVE-2024-12085

Publication date:
14/01/2025
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.
Severity CVSS v4.0: Pending analysis
Last modification:
29/06/2026

CVE-2024-12086

Publication date:
14/01/2025
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2026

CVE-2024-12087

Publication date:
14/01/2025
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2026