Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-4776
Publication date:
14/05/2024
A file dialog shown while in full-screen mode could have resulted in the window remaining disabled. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2024-4777
Publication date:
14/05/2024
Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2024-4778
Publication date:
14/05/2024
Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025

CVE-2024-4772
Publication date:
14/05/2024
An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2024-4773
Publication date:
14/05/2024
When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025

CVE-2024-4774
Publication date:
14/05/2024
The `ShmemCharMapHashEntry()` code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2025

CVE-2024-4775
Publication date:
14/05/2024
An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2024-4768
Publication date:
14/05/2024
A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2024-4769
Publication date:
14/05/2024
When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2024-4770
Publication date:
14/05/2024
When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2024-4771
Publication date:
14/05/2024
A memory allocation check was missing which would lead to a use-after-free if the allocation failed. This could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2024-4765
Publication date:
14/05/2024
Web application manifests were stored by using an insecure MD5 hash which allowed for a hash collision to overwrite another application&amp;#39;s manifest. This could have been exploited to run arbitrary code in another application&amp;#39;s context. <br /> *This issue only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025
Subscribe to Vulnerabilities