Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-5209
Publication date:
16/08/2024
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printing capabilities until the system is rebooted.
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2025

CVE-2024-5210
Publication date:
16/08/2024
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to prevent printer services from being reachable until the system is rebooted.
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2025

CVE-2024-6004
Publication date:
16/08/2024
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to deny printer connections until the system is rebooted.
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2025

CVE-2024-6098
Publication date:
16/08/2024
When performing an online tag generation to devices which communicate <br /> using the ControlLogix protocol, a machine-in-the-middle, or a device <br /> that is not configured correctly, could deliver a response leading to <br /> unrestricted or unregulated resource allocation. This could cause a <br /> denial-of-service condition and crash the Kepware application. By <br /> default, these functions are turned off, yet they remain accessible for <br /> users who recognize and require their advantages.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2024

CVE-2024-4763
Publication date:
16/08/2024
An insecure driver vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM)<br /> <br /> that could allow a local attacker to escalate privileges to kernel.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2024

CVE-2024-4781
Publication date:
16/08/2024
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to crash printer communications until the system is rebooted.
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2025

CVE-2024-4782
Publication date:
16/08/2024
A denial-of-service vulnerability was reported in some Lenovo printers that could allow an unauthenticated attacker on a shared network to disrupt the printer&amp;#39;s functionality until a manual system reboot occurs.
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2025

CVE-2024-43381
Publication date:
16/08/2024
reNgine is an automated reconnaissance framework for web applications. Versions 2.1.2 and prior are susceptible to Stored Cross-Site Scripting (XSS) attacks. This vulnerability occurs when scanning a domain, and if the target domain&amp;#39;s DNS record contains an XSS payload, it leads to the execution of malicious scripts in the reNgine&amp;#39;s dashboard view when any user views the scan results. The XSS payload is directly fetched from the DNS record of the remote target domain. Consequently, an attacker can execute the attack without requiring any additional input from the target or the reNgine user. A patch is available and expected to be part of version 2.1.3.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2024-43807
Publication date:
16/08/2024
In JetBrains TeamCity before 2024.07.1 multiple stored XSS was possible on Clouds page
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2024

CVE-2024-43808
Publication date:
16/08/2024
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2024

CVE-2024-43809
Publication date:
16/08/2024
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2024

CVE-2024-43810
Publication date:
16/08/2024
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible in the AWS Core plugin
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2024
Subscribe to Vulnerabilities