Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-0562
Publication date:
19/01/2025
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/health_status_entry.php. The manipulation of the argument usrid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
28/02/2025

CVE-2025-0563
Publication date:
19/01/2025
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been classified as critical. Affected is an unknown function of the file /dash/update.php. The manipulation of the argument uname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
28/02/2025

CVE-2025-0561
Publication date:
19/01/2025
A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
07/02/2025

CVE-2024-45662
Publication date:
18/01/2025
IBM Safer Payments 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03 could allow a remote attacker to cause a denial of service due to improper allocation of resources.
Severity CVSS v4.0: Pending analysis
Last modification:
14/08/2025

CVE-2024-49354
Publication date:
18/01/2025
IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2025

CVE-2024-49824
Publication date:
18/01/2025
IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and <br /> <br /> IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18<br /> <br /> could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2025

CVE-2024-47113
Publication date:
18/01/2025
IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2025

CVE-2024-47106
Publication date:
18/01/2025
IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2025

CVE-2024-51448
Publication date:
18/01/2025
IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2025-0560
Publication date:
18/01/2025
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /photo-gallery of the component Photo Gallery Page. The manipulation of the argument Description leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
28/02/2025

CVE-2024-49338
Publication date:
18/01/2025
IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
13/08/2025

CVE-2025-0559
Publication date:
18/01/2025
A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file /create-id-card of the component Create Id Card Page. The manipulation of the argument ID Card Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
28/02/2025
Subscribe to Vulnerabilities