Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-51544
Publication date:
05/12/2024
Service Control vulnerabilities allow access to service restart requests and vm configuration settings. <br /> Affected products:<br /> <br /> <br /> ABB ASPECT - Enterprise v3.08.02; <br /> NEXUS Series v3.08.02; <br /> MATRIX Series v3.08.02
Severity CVSS v4.0: HIGH
Last modification:
10/04/2025

CVE-2024-51545
Publication date:
05/12/2024
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. <br /> Affected products:<br /> <br /> <br /> ABB ASPECT - Enterprise v3.08.02; <br /> NEXUS Series v3.08.02; <br /> MATRIX Series v3.08.02
Severity CVSS v4.0: CRITICAL
Last modification:
27/02/2025

CVE-2024-48839
Publication date:
05/12/2024
Improper Input Validation vulnerability allows Remote Code Execution. <br /> Affected products:<br /> <br /> <br /> ABB ASPECT - Enterprise v3.08.02; <br /> NEXUS Series v3.08.02; <br /> MATRIX Series v3.08.02
Severity CVSS v4.0: CRITICAL
Last modification:
05/12/2024

CVE-2024-48840
Publication date:
05/12/2024
Unauthorized Access vulnerabilities allow Remote Code Execution. <br /> Affected products:<br /> <br /> <br /> ABB ASPECT - Enterprise v3.08.02; <br /> NEXUS Series v3.08.02; <br /> MATRIX Series v3.08.02
Severity CVSS v4.0: CRITICAL
Last modification:
27/02/2025

CVE-2024-48843
Publication date:
05/12/2024
Denial of Service vulnerabilities where found providing a potiential for device service disruptions. <br /> Affected products:<br /> <br /> <br /> ABB ASPECT - Enterprise v3.08.02; <br /> NEXUS Series v3.08.02; <br /> MATRIX Series v3.08.02
Severity CVSS v4.0: HIGH
Last modification:
27/02/2025

CVE-2024-48844
Publication date:
05/12/2024
Denial of Service vulnerabilities where found providing a potiential for device service disruptions. <br /> Affected products:<br /> <br /> <br /> ABB ASPECT - Enterprise v3.08.02; <br /> NEXUS Series v3.08.02; <br /> MATRIX Series v3.08.02
Severity CVSS v4.0: HIGH
Last modification:
27/02/2025

CVE-2024-48845
Publication date:
05/12/2024
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. <br /> Affected products:<br /> <br /> <br /> ABB ASPECT - Enterprise v3.07.02; <br /> NEXUS Series v3.07.02; <br /> MATRIX Series v3.07.02
Severity CVSS v4.0: CRITICAL
Last modification:
27/02/2025

CVE-2024-48846
Publication date:
05/12/2024
Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. <br /> Affected products:<br /> <br /> <br /> ABB ASPECT - Enterprise v3.08.02; <br /> NEXUS Series v3.08.02; <br /> MATRIX Series v3.08.02
Severity CVSS v4.0: HIGH
Last modification:
27/02/2025

CVE-2024-11317
Publication date:
05/12/2024
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. <br /> Affected products:<br /> <br /> <br /> ABB ASPECT - Enterprise v3.08.02; <br /> NEXUS Series v3.08.02; <br /> MATRIX Series v3.08.02
Severity CVSS v4.0: CRITICAL
Last modification:
10/04/2025

CVE-2024-12094
Publication date:
05/12/2024
This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number.<br /> Note:<br /> To exploit this vulnerability, the device must be rooted/jailbroken.
Severity CVSS v4.0: MEDIUM
Last modification:
15/04/2025

CVE-2024-11316
Publication date:
05/12/2024
Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. <br /> Affected products:<br /> <br /> <br /> ABB ASPECT - Enterprise v3.08.02; <br /> NEXUS Series v3.08.02; <br /> MATRIX Series v3.08.02
Severity CVSS v4.0: HIGH
Last modification:
10/04/2025

CVE-2024-52270
Publication date:
05/12/2024
User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing.<br /> Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -&gt; Examine the print preview): Will render the vulnerability only, not all layers are flattened.<br /> This issue affects DropBox Sign(HelloSign): through 2024-12-04.
Severity CVSS v4.0: HIGH
Last modification:
05/12/2024
Subscribe to Vulnerabilities