Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-48121
Publication date:
15/01/2025
The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over the GIOP protocol. This allows attackers to possibly gain access to sensitive information via a man-in-the-middle attack.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2025

CVE-2024-48122
Publication date:
15/01/2025
Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2025

CVE-2024-48123
Publication date:
15/01/2025
An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2025

CVE-2024-48125
Publication date:
15/01/2025
An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2024-48126
Publication date:
15/01/2025
HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2025-22146
Publication date:
15/01/2025
Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self hosted users; if only a single organization is allowed `(SENTRY_SINGLE_ORGANIZATION = True)`, then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
15/01/2025

CVE-2025-0483
Publication date:
15/01/2025
A vulnerability has been found in Fanli2012 native-php-cms 1.0 and classified as problematic. This vulnerability affects unknown code of the file /fladmin/jump.php. The manipulation of the argument message/error leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
13/05/2025

CVE-2025-0484
Publication date:
15/01/2025
A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical. This issue affects some unknown processing of the file /fladmin/sysconfig_doedit.php of the component Backend. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
27/02/2025

CVE-2025-0485
Publication date:
15/01/2025
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been classified as problematic. Affected is an unknown function of the file /fladmin/sysconfig_doedit.php. The manipulation of the argument info leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
27/02/2025

CVE-2024-54540
Publication date:
15/01/2025
The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2025

CVE-2025-0482
Publication date:
15/01/2025
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
29/04/2025

CVE-2024-54470
Publication date:
15/01/2025
A logic issue was addressed with improved checks. This issue is fixed in iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1. An attacker with physical access may be able to access contacts from the lock screen.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2026
Subscribe to Vulnerabilities