Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-43031

Publication date: 23/08/2024
autMan v2.9.6 was discovered to contain an access control issue.
Severity CVSS v4.0: Pending analysis
Last modification: 03/09/2025

CVE-2024-43032

Publication date: 23/08/2024
autMan v2.9.6 allows attackers to bypass authentication via a crafted web request.
Severity CVSS v4.0: Pending analysis
Last modification: 03/09/2025

CVE-2024-42523

Publication date: 23/08/2024
publiccms V4.0.202302.e and before is vulnerable to arbitrary file upload via publiccms/admin/cmsTemplate/saveMetaData.
Severity CVSS v4.0: Pending analysis
Last modification: 21/04/2025

CVE-2024-42636

Publication date: 23/08/2024
DedeCMS V5.7.115 has a command execution vulnerability via file_manage_view.php?fmdo=newfile&activepath.
Severity CVSS v4.0: Pending analysis
Last modification: 31/03/2025

CVE-2024-42756

Publication date: 23/08/2024
An issue in Netgear DGN1000WW v.1.1.00.45 allows a remote attacker to execute arbitrary code via the Diagnostics page.
Severity CVSS v4.0: Pending analysis
Last modification: 30/01/2026

CVE-2024-8112

Publication date: 23/08/2024
A vulnerability was found in thinkgem JeeSite 5.3. It has been rated as problematic. This issue affects some unknown processing of the file /js/a/login of the component Cookie Handler. The manipulation of the argument skinName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: Pending analysis
Last modification: 12/09/2024

CVE-2024-8113

Publication date: 23/08/2024
Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on the settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However, combined with a CSP bypass (which is not currently known), the vulnerability could be used to impersonate other organizers or staff users.
Severity CVSS v4.0: Pending analysis
Last modification: 12/09/2024

CVE-2024-41150

Publication date: 23/08/2024
A stored cross-site scripting vulnerability in the request module affects Zohocorp ManageEngine ServiceDesk Plus, ServiceDesk Plus MSP and SupportCenter Plus. This issue affects ServiceDesk Plus versions: through 14810; ServiceDesk Plus MSP: through 14800; SupportCenter Plus: through 14800.
Severity CVSS v4.0: Pending analysis
Last modification: 27/08/2024

CVE-2024-42040

Publication date: 23/08/2024
Buffer overflow vulnerability in net/bootp.c in DENEX U-Boot, from its initial commit in 2002 (3861aa5) up to today on any platform, allows an attacker on the local network to leak from four up to 32 bytes of memory stored behind the packet to the network, depending on the later use of DHCP-provided parameters, via crafted DHCP responses.
Severity CVSS v4.0: Pending analysis
Last modification: 23/08/2024

CVE-2024-42764

Publication date: 23/08/2024
Kashipara Bus Ticket Reservation System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via /deleteTicket.php.
Severity CVSS v4.0: Pending analysis
Last modification: 06/05/2025

CVE-2024-42765

Publication date: 23/08/2024
A SQL injection vulnerability in "/login.php" of the Kashipara Bus Ticket Reservation System v1.0 allows remote attackers to execute arbitrary SQL commands and bypass Login via the "email" or "password" Login page parameters.
Severity CVSS v4.0: Pending analysis
Last modification: 06/05/2025

CVE-2024-42766

Publication date: 23/08/2024
Kashipara Bus Ticket Reservation System v1.0 0 is vulnerable to Incorrect Access Control via /deleteTicket.php.
Severity CVSS v4.0: Pending analysis
Last modification: 26/08/2024