Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we provide a database for users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

RSS feeds or newsletters provide daily notification of the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-7793

Publication date:
14/08/2024
A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-task.php. The manipulation of the argument task_name leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2024

CVE-2024-7794

Publication date:
14/08/2024
A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file mybill.php. The manipulation of the argument id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2024

CVE-2024-7513

Publication date:
14/08/2024
CVE-2024-7513 IMPACT: A code execution vulnerability exists in the affected product. The vulnerability occurs due to improper default file permissions allowing any user to edit or replace files, which are executed by an account with elevated permissions.
Severity CVSS v4.0: HIGH
Last modification:
31/01/2025

CVE-2024-7515

Publication date:
14/08/2024
CVE-2024-7515 IMPACT: A denial-of-service vulnerability exists in the affected products. A malformed PTP management packet can cause a major nonrecoverable fault in the controller.
Severity CVSS v4.0: HIGH
Last modification:
04/03/2025

CVE-2024-42360

Publication date:
14/08/2024
SequenceServer lets you rapidly set up a BLAST+ server with an intuitive user interface for personal or group use. Several HTTP endpoints did not properly sanitize user input and/or query parameters. This could be exploited to inject and run unwanted shell commands. This vulnerability has been fixed in 3.1.2.
Severity CVSS v4.0: Pending analysis
Last modification:
16/08/2024

CVE-2024-6078

Publication date:
14/08/2024
CVE-2024-6078 IMPACT: An improper authentication vulnerability exists in the affected product, which could allow a malicious user to generate cookies for any user ID without the use of a username or password. If exploited, a malicious user could take over the account of a legitimate user. The malicious user would be able to view and modify data stored in the cloud.
Severity CVSS v4.0: Pending analysis
Last modification:
15/08/2024

CVE-2024-40619

Publication date:
14/08/2024
CVE-2024-40619 IMPACT: A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.
Severity CVSS v4.0: HIGH
Last modification:
31/01/2025

CVE-2024-40620

Publication date:
14/08/2024
CVE-2024-40620 IMPACT: A vulnerability exists in the affected product due to lack of encryption of sensitive information. The vulnerability results in data being sent between the Console and the Dashboard without encryption, which can be seen in the logs of proxy servers, potentially impacting the data's confidentiality.
Severity CVSS v4.0: MEDIUM
Last modification:
31/01/2025

CVE-2024-7507

Publication date:
14/08/2024
CVE-2024-7507 IMPACT: A denial-of-service vulnerability exists in the affected products. This vulnerability occurs when a malformed PCCC message is received, causing a fault in the controller.
Severity CVSS v4.0: HIGH
Last modification:
04/03/2025

CVE-2024-27120

Publication date:
14/08/2024
A Local File Inclusion vulnerability has been found in ComfortKey, a product of Celsius Benelux. Using this vulnerability, an unauthenticated attacker may retrieve sensitive information about the underlying system. The vulnerability has been remediated in version 24.1.2.
Severity CVSS v4.0: Pending analysis
Last modification:
20/08/2024

CVE-2024-7792

Publication date:
14/08/2024
A vulnerability was found in SourceCodester Task Progress Tracker 1.0. It has been classified as critical. Affected is an unknown function of the file /endpoint/delete-task.php. The manipulation of the argument task leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: Pending analysis
Last modification:
20/08/2024

CVE-2024-35152

Publication date:
14/08/2024
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639.
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2024