Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-47155

Publication date: 18/03/2024
The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Severity CVSS v4.0: Pending analysis
Last modification: 29/08/2024

CVE-2021-47156

Publication date: 18/03/2024
The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
Severity CVSS v4.0: Pending analysis
Last modification: 27/03/2025

CVE-2021-47157

Publication date: 18/03/2024
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling.
Severity CVSS v4.0: Pending analysis
Last modification: 25/11/2024

CVE-2024-27757

Publication date: 18/03/2024
flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."
Severity CVSS v4.0: Pending analysis
Last modification: 05/05/2025

CVE-2024-28745

Publication date: 18/03/2024
Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack.
Severity CVSS v4.0: Pending analysis
Last modification: 19/11/2024

CVE-2022-47037

Publication date: 18/03/2024
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.
Severity CVSS v4.0: Pending analysis
Last modification: 01/08/2024

CVE-2024-24539

Publication date: 18/03/2024
FusionPBX before 5.2.0 does not validate a session.
Severity CVSS v4.0: Pending analysis
Last modification: 23/05/2025

CVE-2024-2577

Publication date: 18/03/2024
A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257080.
Severity CVSS v4.0: Pending analysis
Last modification: 20/02/2025

CVE-2024-2581

Publication date: 18/03/2024
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257081 was assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification: 22/01/2025

CVE-2022-47036

Publication date: 18/03/2024
Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware; instead, it is fixed in newer hardware, which would typically be used with firmware 2.1.1 or later.
Severity CVSS v4.0: Pending analysis
Last modification: 27/08/2024

CVE-2023-52159

Publication date: 18/03/2024
A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service (grossd daemon crash) or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry.
Severity CVSS v4.0: Pending analysis
Last modification: 20/03/2025

CVE-2024-24230

Publication date: 18/03/2024
Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command.
Severity CVSS v4.0: Pending analysis
Last modification: 25/03/2025