Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-42533
Publication date:
25/03/2025
SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2025-27632
Publication date:
25/03/2025
A Host Header Injection vulnerability in TRMTracker application may allow an attacker by modifying the host header value in an HTTP request to leverage multiple attack vectors, including defacing the site content through web-cache poisoning.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2025-27633
Publication date:
25/03/2025
The TRMTracker web application is vulnerable to reflected Cross-site scripting attack. The application allows client-side code injection that might be used to compromise the confidentiality and integrity of the system.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2025-29932
Publication date:
25/03/2025
In JetBrains GoLand before 2025.1 an XXE during debugging was possible
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2024-12169
Publication date:
25/03/2025
A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies, if secure communication using IEC 62351-3 (TLS) is enabled.
Severity CVSS v4.0: HIGH
Last modification:
25/03/2025

CVE-2025-1445
Publication date:
25/03/2025
A vulnerability exists in RTU IEC 61850 client and server functionality that could impact the availability if renegotiation of an open IEC61850 TLS connection takes place in specific timing situations, when IEC61850 communication is active.<br /> <br /> Precondition is that IEC61850 as client or server are configured using TLS on RTU500 device. It affects the CMU the IEC61850 stack is configured on.
Severity CVSS v4.0: HIGH
Last modification:
25/03/2025

CVE-2025-27631
Publication date:
25/03/2025
The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2024-10037
Publication date:
25/03/2025
A vulnerability exists in the RTU500 web server component that can cause a denial of service to the RTU500 CMU application if a specially crafted message sequence is executed on a WebSocket connection.<br /> An attacker must be properly authenticated and the test mode function of RTU500 must be enabled to exploit this vulnerability.<br /> <br /> The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.
Severity CVSS v4.0: MEDIUM
Last modification:
25/03/2025

CVE-2024-11499
Publication date:
25/03/2025
A vulnerability exists in RTU500 IEC 60870-4-104 controlled station functionality, that allows an authenticated and authorized attacker to perform a CMU restart. The vulnerability can be triggered if certificates are updated while in use on active connections.<br /> <br /> The affected CMU will automatically recover itself if an attacker successfully exploits this vulnerability.
Severity CVSS v4.0: MEDIUM
Last modification:
25/03/2025

CVE-2022-1804
Publication date:
25/03/2025
accountsservice no longer drops permissions when writting .pam_environment
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2025-2109
Publication date:
25/03/2025
The WP Compress – Instant Performance &amp; Speed Optimization plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.30.15 via the init() function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query information from internal services.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2024-53679
Publication date:
25/03/2025
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Apache VCL in the User Lookup form. A user with sufficient rights to be able to view this part of the site can craft a URL or be tricked in to clicking a URL that will give a specified user elevated rights.<br /> <br /> <br /> <br /> This issue affects all versions of Apache VCL through 2.5.1.<br /> <br /> <br /> <br /> Users are recommended to upgrade to version 2.5.2, which fixes the issue.
Severity CVSS v4.0: HIGH
Last modification:
25/03/2025
Subscribe to Vulnerabilities