Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-22117

Publication date:
26/11/2024
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.
Severity CVSS v4.0: Pending analysis
Last modification:
26/11/2024

CVE-2024-36463

Publication date:
26/11/2024
The implementation of atob in "Zabbix JS" allows creating a string with arbitrary content and using it to access internal properties of objects.
Severity CVSS v4.0: Pending analysis
Last modification:
26/11/2024

CVE-2024-9928

Publication date:
26/11/2024
A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only one concurrent session and implements a delay of more than a second between failed login attempts making it difficult to automate the attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
26/11/2024

CVE-2024-9929

Publication date:
26/11/2024
A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps.
Severity CVSS v4.0: Pending analysis
Last modification:
26/11/2024

CVE-2024-8236

Publication date:
26/11/2024
The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
21/04/2025

CVE-2024-9461

Publication date:
26/11/2024
The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server.
Severity CVSS v4.0: Pending analysis
Last modification:
22/05/2025

CVE-2024-53976

Publication date:
26/11/2024
Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025

CVE-2024-53975

Publication date:
26/11/2024
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025

CVE-2024-11708

Publication date:
26/11/2024
Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025

CVE-2024-11706

Publication date:
26/11/2024
A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2025

CVE-2024-11701

Publication date:
26/11/2024
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2025

CVE-2024-11702

Publication date:
26/11/2024
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2025