Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-33121
Publication date:
06/05/2024
Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2025

CVE-2024-33570
Publication date:
06/05/2024
Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.8.3.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
20/02/2025

CVE-2024-33576
Publication date:
06/05/2024
Missing Authorization vulnerability in Ollybach WPPizza.This issue affects WPPizza: from n/a through 3.18.10.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2024

CVE-2024-33599
Publication date:
06/05/2024
nscd: Stack-based buffer overflow in netgroup cache<br /> <br /> If the Name Service Cache Daemon&amp;#39;s (nscd) fixed size cache is exhausted<br /> by client requests then a subsequent client request for netgroup data<br /> may result in a stack-based buffer overflow. This flaw was introduced<br /> in glibc 2.15 when the cache was added to nscd.<br /> <br /> This vulnerability is only present in the nscd binary.
Severity CVSS v4.0: Pending analysis
Last modification:
18/06/2025

CVE-2024-33600
Publication date:
06/05/2024
nscd: Null pointer crashes after notfound response<br /> <br /> If the Name Service Cache Daemon&amp;#39;s (nscd) cache fails to add a not-found<br /> netgroup response to the cache, the client request can result in a null<br /> pointer dereference. This flaw was introduced in glibc 2.15 when the<br /> cache was added to nscd.<br /> <br /> This vulnerability is only present in the nscd binary.
Severity CVSS v4.0: Pending analysis
Last modification:
18/06/2025

CVE-2024-33601
Publication date:
06/05/2024
nscd: netgroup cache may terminate daemon on memory allocation failure<br /> <br /> The Name Service Cache Daemon&amp;#39;s (nscd) netgroup cache uses xmalloc or<br /> xrealloc and these functions may terminate the process due to a memory<br /> allocation failure resulting in a denial of service to the clients. The<br /> flaw was introduced in glibc 2.15 when the cache was added to nscd.<br /> <br /> This vulnerability is only present in the nscd binary.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2025

CVE-2024-33602
Publication date:
06/05/2024
nscd: netgroup cache assumes NSS callback uses in-buffer strings<br /> <br /> The Name Service Cache Daemon&amp;#39;s (nscd) netgroup cache can corrupt memory<br /> when the NSS callback does not store all strings in the provided buffer.<br /> The flaw was introduced in glibc 2.15 when the cache was added to nscd.<br /> <br /> This vulnerability is only present in the nscd binary.
Severity CVSS v4.0: Pending analysis
Last modification:
18/06/2025

CVE-2024-33907
Publication date:
06/05/2024
Missing Authorization vulnerability in Michael Nelson Print My Blog.This issue affects Print My Blog: from n/a through 3.26.2.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2024

CVE-2024-33908
Publication date:
06/05/2024
Missing Authorization vulnerability in Themesgrove WidgetKit.This issue affects WidgetKit: from n/a through 2.5.0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2024

CVE-2024-33117
Publication date:
06/05/2024
crmeb_java v1.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the mergeList method in class com.zbkj.front.pub.ImageMergeController.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2025

CVE-2024-33118
Publication date:
06/05/2024
LuckyFrameWeb v3.5.2 was discovered to contain an arbitrary read vulnerability via the fileDownload method in class com.luckyframe.project.common.CommonController.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2025

CVE-2024-3661
Publication date:
06/05/2024
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
Severity CVSS v4.0: Pending analysis
Last modification:
15/01/2025
Subscribe to Vulnerabilities