Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

RSS feeds and newsletters provide daily information about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-9671

Publication date:
09/10/2024
A vulnerability was found in 3Scale. There is no auth mechanism to see a PDF invoice of a Developer user if the URL is known. Anyone can see the invoice if the URL is known or guessed.
Severity CVSS v4.0: Pending analysis
Last modification:
04/12/2024

CVE-2024-9675

Publication date:
09/10/2024
A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.
Severity CVSS v4.0: Pending analysis
Last modification:
25/08/2025

CVE-2024-8048

Publication date:
09/10/2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-7293

Publication date:
09/10/2024
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2024

CVE-2024-7294

Publication date:
09/10/2024
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2024

CVE-2024-7840

Publication date:
09/10/2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-8014

Publication date:
09/10/2024
In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-47661

Publication date:
09/10/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Avoid overflow from uint32_t to uint8_t

[WHAT & HOW]
dmub_rb_cmd's ramping_boundary has size of uint8_t and it is assigned 0xFFFF. Fix it by changing it to uint8_t with value of 0xFF.

This fixes 2 INTEGER_OVERFLOW issues reported by Coverity.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2024

CVE-2024-47662

Publication date:
09/10/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection

[Why]
These registers should not be read from driver and triggering the security violation when DMCUB work times out and diagnostics are collected blocks Z8 entry.

[How]
Remove the register read from DCN35.
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2024

CVE-2024-47664

Publication date:
09/10/2024
In the Linux kernel, the following vulnerability has been resolved:

spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware

If the value of max_speed_hz is 0, it may cause a division by zero error in hisi_calc_effective_speed().
The value of max_speed_hz is provided by firmware.
Firmware is generally considered as a trusted domain. However, as division by zero errors can cause system failure, for defense measure, the value of max_speed is validated here. So 0 is regarded as invalid and an error code is returned.
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2024

CVE-2024-7292

Publication date:
09/10/2024
In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2024

CVE-2024-47672

Publication date:
09/10/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
05/01/2026