Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-29827

Publication date:
31/05/2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2024

CVE-2024-29828

Publication date:
31/05/2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an authenticated attacker within the same network to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2024

CVE-2024-1275

Publication date:
31/05/2024
Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation. This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52.
Severity CVSS v4.0: Pending analysis
Last modification:
05/06/2024

CVE-2024-22058

Publication date:
31/05/2024
A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and older.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2024-22059

Publication date:
31/05/2024
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to DoS.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2025

CVE-2024-22060

Publication date:
31/05/2024
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM server.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2025

CVE-2024-29822

Publication date:
31/05/2024
An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2024

CVE-2021-44534

Publication date:
31/05/2024
Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2023-38042

Publication date:
31/05/2024
A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as SYSTEM.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2023-38551

Publication date:
31/05/2024
A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2023-46810

Publication date:
31/05/2024
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1 allows a low privileged user to execute code as root.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2024-36120

Publication date:
31/05/2024
javascript-deobfuscator removes common JavaScript obfuscation techniques. In affected versions crafted payloads targeting expression simplification can lead to code execution. This issue has been patched in version 1.1.0. Users are advised to update. Users unable to upgrade should disable the expression simplification feature.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025