Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-53696

Publication date: 07/03/2025
A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.7.0.829 (2024/10/01) and later
QuLog Center 1.8.0.888 (2024/10/15) and later
QTS 4.5.4.2957 build 20241119 and later
QuTS hero h4.5.4.2956 build 20241119 and later
Severity CVSS v4.0: MEDIUM
Last modification: 06/12/2025

CVE-2024-50390

Publication date: 07/03/2025
A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
QuRouter 2.4.5.032 and later
Severity CVSS v4.0: HIGH
Last modification: 24/09/2025

CVE-2024-53692

Publication date: 07/03/2025
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Severity CVSS v4.0: MEDIUM
Last modification: 20/09/2025

CVE-2024-53693

Publication date: 07/03/2025
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Severity CVSS v4.0: HIGH
Last modification: 20/09/2025

CVE-2024-50405

Publication date: 07/03/2025
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Severity CVSS v4.0: MEDIUM
Last modification: 20/09/2025

CVE-2024-50394

Publication date: 07/03/2025
An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following version:
Helpdesk 3.3.3 and later
Severity CVSS v4.0: HIGH
Last modification: 22/01/2026

CVE-2023-43052

Publication date: 07/03/2025
IBM Control Center 6.2.1 through 6.3.1 is vulnerable to an external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with.
Severity CVSS v4.0: Pending analysis
Last modification: 19/06/2025

CVE-2024-12975

Publication date: 07/03/2025
A buffer overread can occur in the CPC application when operating in full duplex SPI upon receiving an invalid packet over the SPI interface.
Severity CVSS v4.0: LOW
Last modification: 16/09/2025

CVE-2024-38638

Publication date: 07/03/2025
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.
QTS 5.2.x/QuTS hero h5.2.x are not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QuTS hero h5.1.9.2954 build 20241120 and later
Severity CVSS v4.0: LOW
Last modification: 23/09/2025

CVE-2024-48864

Publication date: 07/03/2025
A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers to read/write files or directories.
We have already fixed the vulnerability in the following versions:
File Station 5 5.5.6.4741 and later
Severity CVSS v4.0: MEDIUM
Last modification: 19/09/2025

CVE-2024-13086

Publication date: 07/03/2025
An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following version:
QTS 5.2.0.2851 build 20240808 and later
QuTS hero h5.2.0.2851 build 20240808 and later
Severity CVSS v4.0: Pending analysis
Last modification: 30/01/2026

CVE-2023-35894

Publication date: 07/03/2025
IBM Control Center 6.2.1 through 6.3.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
Severity CVSS v4.0: Pending analysis
Last modification: 13/03/2025