Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-41829

Publication date:
22/07/2024
In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection
Severity CVSS v4.0: Pending analysis
Last modification:
14/08/2024

CVE-2024-41132

Publication date:
22/07/2024
ImageSharp is a 2D graphics API. A vulnerability was discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2024-41824

Publication date:
22/07/2024
In JetBrains TeamCity before 2024.07 parameters of the "password" type could leak into the build log in some specific cases
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2024

CVE-2024-41825

Publication date:
22/07/2024
In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2024

CVE-2024-41826

Publication date:
22/07/2024
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2024

CVE-2024-41129

Publication date:
22/07/2024
The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju (>=3.0), Juju secrets and not correctly capturing and processing `subprocess.CalledProcessError`. This vulnerability is fixed in 2.15.0.
Severity CVSS v4.0: Pending analysis
Last modification:
24/07/2024

CVE-2024-41131

Publication date:
22/07/2024
ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2024-32152

Publication date:
22/07/2024
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-32484

Publication date:
22/07/2024
A reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-21552

Publication date:
22/07/2024
All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the ‘eval’ function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server.
Severity CVSS v4.0: Pending analysis
Last modification:
24/07/2024

CVE-2024-26020

Publication date:
22/07/2024
An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to arbitrary code execution. An attacker can send a malicious flashcard to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-29073

Publication date:
22/07/2024
A vulnerability in the handling of LaTeX exists in Ankitects Anki 24.04. When LaTeX is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many LaTeX distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025