Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. The list below, updated daily, shows the latest vulnerabilities.

CVE-2024-38380

Publication date:
17/09/2024
This vulnerability occurs when user-supplied input is improperly sanitized and then reflected back to the user's browser, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser session.
Severity CVSS v4.0: Pending analysis
Last modification:
02/10/2024

CVE-2024-8768

Publication date:
17/09/2024
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-8939

Publication date:
17/09/2024
A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS). The API used for LLM-based sentence or chat completion accepts a best_of parameter to return the best completion from several options. When this parameter is set to a large value, the API does not handle timeouts or resource exhaustion properly, allowing an attacker to cause a DoS by consuming excessive system resources. This leads to the API becoming unresponsive, preventing legitimate users from accessing the service.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-7788

Publication date:
17/09/2024
Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOffice. This issue affects LibreOffice: from 24.2 before
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2021-27916

Publication date:
17/09/2024
Prior to the patched version, logged in users of Mautic are vulnerable to Relative Path Traversal/Arbitrary File Deletion. Regardless of the level of access the Mautic user had, they could delete files other than those in the media folders such as system files, libraries or other important files. This vulnerability exists in the implementation of the GrapesJS builder in Mautic.
Severity CVSS v4.0: Pending analysis
Last modification:
02/10/2024

CVE-2024-38860

Publication date:
17/09/2024
Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows attackers to craft malicious links that can facilitate phishing attacks.
Severity CVSS v4.0: MEDIUM
Last modification:
11/12/2024

CVE-2024-47047

Publication date:
17/09/2024
An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms persisted by the extension. The fixed versions are 7.5.1, 8.5.1, 10.9.1, and 12.4.1.
Severity CVSS v4.0: Pending analysis
Last modification:
17/03/2025

CVE-2024-47049

Publication date:
17/09/2024
The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2024-22303

Publication date:
17/09/2024
Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 3.2.4.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-21743

Publication date:
17/09/2024
Privilege Escalation vulnerability in favethemes Houzez Login Register houzez-login-register. This issue affects Houzez Login Register: from n/a through 3.2.5.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2021-27915

Publication date:
17/09/2024
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2024

CVE-2024-8897

Publication date:
17/09/2024
Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site may be able to spoof the address bar contents. This can lead to a malicious site appearing to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2025