Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-34020

Publication date:

29/04/2024

A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1.

Severity CVSS v4.0: Pending analysis

Last modification:

03/07/2024

CVE-2023-46270

Publication date:

29/04/2024

MacPaw The Unarchiver before 4.3.6 contains vulnerability related to missing quarantine attributes for extracted items.

Severity CVSS v4.0: Pending analysis

Last modification:

28/03/2025

CVE-2023-48683

Publication date:

29/04/2024

Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.

Severity CVSS v4.0: Pending analysis

Last modification:

02/01/2025

CVE-2023-48684

Publication date:

29/04/2024

Severity CVSS v4.0: Pending analysis

Last modification:

06/03/2026

CVE-2024-1579

Publication date:

29/04/2024

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea GateManager (Webserver modules) allows Session Hijacking.This issue affects GateManager: before 11.2.624071020.

Severity CVSS v4.0: Pending analysis

Last modification:

30/04/2024

CVE-2024-1969

Publication date:

29/04/2024

Buffer Copy without Checking Size of Input (&#39;Classic Buffer Overflow&#39;) vulnerability in Secomea GateManager (webserver modules) allows crash of GateManager.This issue affects GateManager: from 9.7 before 11.2.624095033.

Severity CVSS v4.0: Pending analysis

Last modification:

30/04/2024

CVE-2024-4310

Publication date:

29/04/2024

Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads the page, resulting in a session takeover.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2025

CVE-2024-4308

Publication date:

29/04/2024

SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/admin/view_users.php?id=1,/admin/viewloan-trans.php?id=1,/admin/view-deposit.php?id=1,/admin/view-domtrans.php?id=1, /admin/delete_cards.php?id=1,/admin/view_cards.php?id=1 and /admin/view_users.php?id=1, id parameter) and retrieve the information stored in the database.

Severity CVSS v4.0: Pending analysis

Last modification:

26/09/2025

CVE-2024-4309

Publication date:

29/04/2024

SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/user/transaction.php?id=1, /user/credit-debit_transaction.php?id=1,/user/view_transaction. php?id=1 and /user/viewloantrans.php?id=1, id parameter) and retrieve the information stored in the database.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2025

CVE-2024-33587

Publication date:

29/04/2024

Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.9.0.

Severity CVSS v4.0: Pending analysis

Last modification:

30/04/2024

CVE-2024-33588

Publication date:

29/04/2024

Missing Authorization vulnerability in codeSavory Knowledge Base documentation & wiki plugin – BasePress.This issue affects Knowledge Base documentation & wiki plugin – BasePress: from n/a through 2.16.1.

Severity CVSS v4.0: Pending analysis

Last modification:

30/04/2024

CVE-2024-4307

Publication date:

29/04/2024

SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/accounts/activities.php?id=1, /accounts/view-deposit.php?id=1, /accounts/view_cards. php?id=1, /accounts/wire-transfer.php?id=1 and /accounts/wiretransfer-pending.php?id=1, id parameter) and retrieve the information stored in the database.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2025

Subscribe to Vulnerabilities