Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-3930
Publication date:
30/07/2024
In versions of Akana API Platform prior to 2024.1.0 a flaw resulting in XML External Entity (XXE) was discovered.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2024

CVE-2024-41437
Publication date:
30/07/2024
A heap buffer overflow in the function cp_unfilter() (/vendor/cute_png.h) of hicolor v0.5.0 allows attackers to cause a Denial of Service (DoS) via a crafted PNG file.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2024-41943
Publication date:
30/07/2024
I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitation. An attacker can exploit this vulnerability by inserting a payload in the PDF notes that contains malicious code or script. This code will then be executed when the page is loaded in the browser. The vulnerability was fixed in version 5.11.1.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2024

CVE-2024-41304
Publication date:
30/07/2024
An arbitrary file upload vulnerability in the uploadFileAction() function of WonderCMS v3.4.3 allows attackers to execute arbitrary code via a crafted SVG file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2024-41305
Publication date:
30/07/2024
A Server-Side Request Forgery (SSRF) in the Plugins Page of WonderCMS v3.4.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2024

CVE-2024-5486
Publication date:
30/07/2024
A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2024-7208
Publication date:
30/07/2024
A vulnerability in multi-tenant hosting allows an authenticated sender to spoof the identity of a shared, hosted domain, thus bypass security measures provided by DMARC (or SPF or DKIM) policies.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2024-7209
Publication date:
30/07/2024
A vulnerability exists in the use of shared SPF records in multi-tenant hosting providers, allowing attackers to use network authorization to be abused to spoof the email identify of the sender.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2024-7297
Publication date:
30/07/2024
Langflow versions prior to 1.0.13 suffer from a Privilege Escalation vulnerability, allowing a remote and low privileged attacker to gain super admin privileges by performing a mass assignment request on the '/api/v1/users' endpoint.
Severity CVSS v4.0: Pending analysis
Last modification:
24/06/2025

CVE-2023-38001
Publication date:
30/07/2024
IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260206.
Severity CVSS v4.0: Pending analysis
Last modification:
13/08/2024

CVE-2024-41915
Publication date:
30/07/2024
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2025

CVE-2024-41916
Publication date:
30/07/2024
A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2024
Subscribe to Vulnerabilities