Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-54170
Publication date:
27/02/2025
IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2025

CVE-2024-56493
Publication date:
27/02/2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2025

CVE-2024-56494
Publication date:
27/02/2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2025

CVE-2024-56495
Publication date:
27/02/2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2025

CVE-2024-56496
Publication date:
27/02/2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2025

CVE-2024-56810
Publication date:
27/02/2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2025

CVE-2024-13148
Publication date:
27/02/2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection.This issue affects B2B Login Platform: before 16.01.2025.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-27154
Publication date:
27/02/2025
Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permissions. This leads to overly broad exposure of the spotify auth token. If this token can be read by an attacker (another user on the machine, or a process running as another user), it can be used to perform administrative actions on the Spotify account, depending on the scope granted to the token. Version 2.25.1 tightens the cache file permissions.
Severity CVSS v4.0: HIGH
Last modification:
07/04/2025

CVE-2025-22280
Publication date:
27/02/2025
Missing Authorization vulnerability in revmakx DefendWP Firewall defend-wp-firewall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DefendWP Firewall: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-9334
Publication date:
27/02/2025
Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass.This issue affects Pallium Vehicle Tracking: before 17.10.2024.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-1692
Publication date:
27/02/2025
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue affects mongosh versions prior to 2.3.9
Severity CVSS v4.0: Pending analysis
Last modification:
22/09/2025

CVE-2025-1693
Publication date:
27/02/2025
The MongoDB Shell may be susceptible to control character injection where an attacker with control over the database cluster contents can inject control characters into the shell output. This may result in the display of falsified messages that appear to originate from mongosh or the underlying operating system, potentially misleading users into executing unsafe actions.<br /> <br /> <br /> The vulnerability is exploitable only when mongosh is connected to a cluster that is partially or fully controlled by an attacker.<br /> <br /> <br /> This issue affects mongosh versions prior to 2.3.9
Severity CVSS v4.0: Pending analysis
Last modification:
22/09/2025
Subscribe to Vulnerabilities