Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-22269
Publication date:
14/05/2024
VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2025

CVE-2024-22268
Publication date:
14/05/2024
VMware Workstation and Fusion contain a heap buffer-overflow vulnerability in the Shader functionality. A malicious actor with non-administrative access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to create a denial of service condition.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2024-22267
Publication date:
14/05/2024
VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine&amp;#39;s VMX process running on the host.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
14/03/2025

CVE-2024-1914
Publication date:
14/05/2024
An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible. <br /> <br /> The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system. <br /> <br /> Below are reported vulnerabilities in the Robot Ware versions. <br /> <br /> * IRC5- RobotWare 6
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2025

CVE-2024-1913
Publication date:
14/05/2024
<br /> An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code. <br /> <br /> The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerability arises under specific condition when specially crafted message is processed by the system.<br /> <br /> Below are reported vulnerabilities in the Robot Ware versions.<br /> <br /> * IRC5- RobotWare 6
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2025

CVE-2024-1628
Publication date:
14/05/2024
OS command injection vulnerabilities in GE HealthCare ultrasound devices
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-1598
Publication date:
14/05/2024
Potential buffer overflow <br /> in unsafe UEFI variable handling <br /> <br /> in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects:<br /> <br /> SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2025

CVE-2024-1486
Publication date:
14/05/2024
Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-0870
Publication date:
14/05/2024
The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the &amp;#39;save_mail_status&amp;#39; and &amp;#39;save_email_settings&amp;#39; functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated attackers to modify WooCommerce settings.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-0762
Publication date:
14/05/2024
Potential buffer overflow <br /> in unsafe UEFI variable handling <br /> <br /> in Phoenix SecureCore™ for select Intel platforms<br /> <br /> <br /> This issue affects:<br /> <br /> <br /> Phoenix <br /> <br /> SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;<br /> <br /> <br /> Phoenix <br /> <br /> SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;<br /> <br /> <br /> Phoenix <br /> <br /> SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;<br /> <br /> <br /> Phoenix <br /> <br /> SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;<br /> <br /> <br /> Phoenix <br /> <br /> SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;<br /> <br /> <br /> Phoenix <br /> <br /> SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;<br /> <br /> <br /> Phoenix <br /> <br /> SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;<br /> <br /> <br /> Phoenix <br /> <br /> SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;<br /> <br /> <br /> Phoenix <br /> <br /> SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2025

CVE-2023-6812
Publication date:
14/05/2024
The WP Compress – Image Optimizer [All-In-One plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 6.20.01. This is due to insufficient validation on the redirect url supplied via the &amp;#39;css&amp;#39; parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2026

CVE-2023-46280
Publication date:
14/05/2024
A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions
Severity CVSS v4.0: HIGH
Last modification:
15/04/2026
Subscribe to Vulnerabilities