Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-1598

Publication date:

14/05/2024

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.

Severity CVSS v4.0: Pending analysis

Last modification:

25/09/2025

CVE-2024-1486

Publication date:

14/05/2024

Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices

Severity CVSS v4.0: Pending analysis

Last modification:

14/05/2024

CVE-2024-0870

Publication date:

14/05/2024

The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the &#39;save_mail_status&#39; and &#39;save_email_settings&#39; functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated attackers to modify WooCommerce settings.

Severity CVSS v4.0: Pending analysis

Last modification:

08/04/2026

CVE-2024-0762

Publication date:

14/05/2024

Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.

Severity CVSS v4.0: Pending analysis

Last modification:

29/09/2025

CVE-2023-6812

Publication date:

14/05/2024

The WP Compress – Image Optimizer [All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the &#39;css&#39; parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Severity CVSS v4.0: Pending analysis

Last modification:

08/04/2026

CVE-2023-46280

Publication date:

14/05/2024

A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions

Severity CVSS v4.0: HIGH

Last modification:

10/12/2024

CVE-2023-35841

Publication date:

14/05/2024

Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0.

Severity CVSS v4.0: Pending analysis

Last modification:

25/09/2025

CVE-2024-4855

Publication date:

14/05/2024

Use after free issue in editcap could cause denial of service via crafted capture file

Severity CVSS v4.0: Pending analysis

Last modification:

07/08/2025

CVE-2024-4853

Publication date:

14/05/2024

Memory handling issue in editcap could cause denial of service via crafted capture file

Severity CVSS v4.0: Pending analysis

Last modification:

03/11/2025

CVE-2024-4854

Publication date:

14/05/2024

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

Severity CVSS v4.0: Pending analysis

Last modification:

03/11/2025

CVE-2024-4840

Publication date:

14/05/2024

An flaw was found in the OpenStack Platform (RHOSP) director, a toolset for installing and managing a complete RHOSP environment. Plaintext passwords may be stored in log files, which can expose sensitive information to anyone with access to the logs.

Severity CVSS v4.0: Pending analysis

Last modification:

25/11/2024

CVE-2024-4825

Publication date:

14/05/2024

A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure.

Severity CVSS v4.0: Pending analysis

Last modification:

27/06/2025

Subscribe to Vulnerabilities