Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-9390

Publication date:
05/12/2024
In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2024

CVE-2018-9391

Publication date:
05/12/2024
In update_gps_sv and output_vzw_debug of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_worker.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2024

CVE-2024-12064

Publication date:
05/12/2024
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2024

CVE-2024-53457

Publication date:
05/12/2024
A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2025

CVE-2024-54140

Publication date:
05/12/2024
sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify(). Currently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn't actually correspond to the log in question. This may eventually lead to a monitor/witness being unable to detect when compromised logs are providing different views of themselves to different clients. There are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients that are not monitors/witnesses is very low. This vulnerability is fixed in 1.2.0.
Severity CVSS v4.0: LOW
Last modification:
15/04/2026

CVE-2021-0937

Publication date:
05/12/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2024

CVE-2017-13308

Publication date:
05/12/2024
In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2024

CVE-2024-53523

Publication date:
05/12/2024
JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the find_by_file function.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-41579

Publication date:
05/12/2024
DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-53442

Publication date:
05/12/2024
whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-53589

Publication date:
05/12/2024
GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-10933

Publication date:
05/12/2024
In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems.
Severity CVSS v4.0: MEDIUM
Last modification:
23/09/2025