Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-22475
Publication date:
18/03/2024
Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].
Severity CVSS v4.0: Pending analysis
Last modification:
27/10/2024

CVE-2024-23604
Publication date:
18/03/2024
Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2024-27974
Publication date:
18/03/2024
Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References].
Severity CVSS v4.0: Pending analysis
Last modification:
31/10/2024

CVE-2024-28125
Publication date:
18/03/2024
FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2025

CVE-2024-28128
Publication date:
18/03/2024
Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2025

CVE-2024-29156
Publication date:
18/03/2024
In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2024-29154
Publication date:
18/03/2024
danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2025

CVE-2024-29151
Publication date:
18/03/2024
Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI.
Severity CVSS v4.0: Pending analysis
Last modification:
13/08/2024

CVE-2018-25099
Publication date:
18/03/2024
In the CryptX module before 0.062 for Perl, gcm_decrypt_verify() and chacha20poly1305_decrypt_verify() do not verify the tag.
Severity CVSS v4.0: Pending analysis
Last modification:
14/03/2025

CVE-2021-47154
Publication date:
18/03/2024
The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2024

CVE-2021-47155
Publication date:
18/03/2024
The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Severity CVSS v4.0: Pending analysis
Last modification:
29/08/2024

CVE-2021-47156
Publication date:
18/03/2024
The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025
Subscribe to Vulnerabilities