Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by selecting criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-25582

Publication date:
19/08/2024
Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the user's account. Exploiting this vulnerability requires temporary access to an account or successful social engineering to make a user follow a prepared link to a malicious account. Please deploy the provided updates and patch releases. The savepoint module path has been restricted to modules that provide the feature, excluding any arbitrary or non-existing modules. No publicly available exploits are known.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-6843

Publication date:
19/08/2024
The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not sanitise and escape user inputs, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins.
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2025

CVE-2024-6330

Publication date:
19/08/2024
The GEO my WP WordPress plugin before 4.5.0.2 does not prevent unauthenticated attackers from including arbitrary files in PHP's execution context, which leads to Remote Code Execution.
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2025

CVE-2024-6451

Publication date:
19/08/2024
AI Engine
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2025

CVE-2024-44083

Publication date:
19/08/2024
ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. NOTE: in many use cases, this is an inconvenience but not a security issue.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2024-44073

Publication date:
19/08/2024
The Miniscript (aka rust-miniscript) library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth.
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2024-44076

Publication date:
19/08/2024
In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access.
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2024

CVE-2024-7921

Publication date:
19/08/2024
A vulnerability has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /report/ParkOutRecord/GetDataList. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2024

CVE-2024-44069

Publication date:
19/08/2024
Pi-hole before 6 allows unauthenticated admin/api.php?setTempUnit= calls to change the temperature units of the web dashboard. NOTE: the supplier reportedly does "not consider the bug a security issue" but the specific motivation for letting arbitrary persons change the value (Celsius, Fahrenheit, or Kelvin), seen by the device owner, is unclear.
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2025

CVE-2024-44070

Publication date:
19/08/2024
An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-44067

Publication date:
19/08/2024
The T-Head XuanTie C910 CPU in the TH1520 SoC and the T-Head XuanTie C920 CPU in the SOPHON SG2042 have instructions that allow unprivileged attackers to write to arbitrary physical memory locations, aka GhostWrite.
Severity CVSS v4.0: Pending analysis
Last modification:
20/08/2024

CVE-2024-7919

Publication date:
19/08/2024
A vulnerability, which was classified as critical, has been found in Anhui Deshun Intelligent Technology Jieshun JieLink+ JSOTC2016 up to 20240805. This issue affects some unknown processing of the file /report/ParkChargeRecord/GetDataList. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2024