Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made available a database for users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-30215

Publication date:
09/04/2024
The Resource Settings page allows a high privilege attacker to load exploitable payload to be stored and reflected whenever a User visits the page. In a successful attack, some information could be obtained and/or modified. However, the attacker does not have control over what information is obtained, or the amount or kind of loss is limited.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2024

CVE-2024-27983

Publication date:
09/04/2024
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-25646

Publication date:
09/04/2024
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
29/10/2025

CVE-2024-27898

Publication date:
09/04/2024
SAP NetWeaver application, due to insufficient input validation, allows an attacker to send a crafted request from a vulnerable web application targeting internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. Thus, having a low impact on confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2025

CVE-2024-27899

Publication date:
09/04/2024
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2024

CVE-2024-27901

Publication date:
09/04/2024
SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2024

CVE-2024-31047

Publication date:
08/04/2024
An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
13/08/2025

CVE-2024-22949

Publication date:
08/04/2024
JFreeChart v1.5.4 was discovered to contain a NullPointerException via the component /chart/annotations/CategoryLineAnnotation. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2025

CVE-2024-23079

Publication date:
08/04/2024
JGraphT Core v1.5.2 was discovered to contain a NullPointerException via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compare(Double, Double). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
Severity CVSS v4.0: Pending analysis
Last modification:
31/10/2024

CVE-2024-23081

Publication date:
08/04/2024
ThreeTen Backport v1.6.8 was discovered to contain a NullPointerException via the component org.threeten.bp.LocalDate::compareTo(ChronoLocalDate). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2024-23084

Publication date:
08/04/2024
Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification.
Severity CVSS v4.0: Pending analysis
Last modification:
18/06/2025

CVE-2024-23584

Publication date:
08/04/2024
The NMAP Importer service may expose data store credentials to authorized users of the Windows Registry.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025