Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-23995
Publication date:
29/04/2024
Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2024

CVE-2024-32268
Publication date:
29/04/2024
An issue in Tuya Smart camera U6N v.3.2.5 allows a remote attacker to cause a denial of service via a crafted packet to the network connection component.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2025

CVE-2024-34010
Publication date:
29/04/2024
Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2025

CVE-2024-34011
Publication date:
29/04/2024
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2024

CVE-2024-34020
Publication date:
29/04/2024
A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2023-46270
Publication date:
29/04/2024
MacPaw The Unarchiver before 4.3.6 contains vulnerability related to missing quarantine attributes for extracted items.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2025

CVE-2023-48683
Publication date:
29/04/2024
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2025

CVE-2023-48684
Publication date:
29/04/2024
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2026

CVE-2024-1579
Publication date:
29/04/2024
Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea GateManager (Webserver modules) allows Session Hijacking.This issue affects GateManager: before 11.2.624071020.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2024

CVE-2024-1969
Publication date:
29/04/2024
Buffer Copy without Checking Size of Input (&amp;#39;Classic Buffer Overflow&amp;#39;) vulnerability in Secomea GateManager (webserver modules) allows crash of GateManager.This issue affects GateManager: from 9.7 before 11.2.624095033.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2024

CVE-2024-4310
Publication date:
29/04/2024
Cross-site Scripting (XSS) vulnerability in HubBank affecting version 1.0.2. This vulnerability allows an attacker to send a specially crafted JavaScript payload to registration and profile forms and trigger the payload when any authenticated user loads the page, resulting in a session takeover.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2024-4308
Publication date:
29/04/2024
SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/admin/view_users.php?id=1,/admin/viewloan-trans.php?id=1,/admin/view-deposit.php?id=1,/admin/view-domtrans.php?id=1, /admin/delete_cards.php?id=1,/admin/view_cards.php?id=1 and /admin/view_users.php?id=1, id parameter) and retrieve the information stored in the database.
Severity CVSS v4.0: Pending analysis
Last modification:
26/09/2025
Subscribe to Vulnerabilities