Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-3119
Publication date:
10/04/2024
A buffer overflow vulnerability exists in all versions of sngrep since v0.4.2, due to improper handling of &amp;#39;Call-ID&amp;#39; and &amp;#39;X-Call-ID&amp;#39; SIP headers. The functions sip_get_callid and sip_get_xcallid in sip.c use the strncpy function to copy header contents into fixed-size buffers without checking the data length. This flaw allows remote attackers to execute arbitrary code or cause a denial of service (DoS) through specially crafted SIP messages.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2025

CVE-2024-3120
Publication date:
10/04/2024
A stack-buffer overflow vulnerability exists in all versions of sngrep since v1.4.1. The flaw is due to inadequate bounds checking when copying &amp;#39;Content-Length&amp;#39; and &amp;#39;Warning&amp;#39; headers into fixed-size buffers in the sip_validate_packet and sip_parse_extra_headers functions within src/sip.c. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (DoS) via crafted SIP messages.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2025

CVE-2024-3524
Publication date:
10/04/2024
A vulnerability, which was classified as problematic, has been found in Campcodes Online Event Management System 1.0. This issue affects some unknown processing of the file /views/process.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259895.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2024-3525
Publication date:
10/04/2024
A vulnerability, which was classified as problematic, was found in Campcodes Online Event Management System 1.0. Affected is an unknown function of the file /views/index.php. The manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259896.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2023-40148
Publication date:
10/04/2024
Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2024

CVE-2024-3522
Publication date:
09/04/2024
A vulnerability classified as critical has been found in Campcodes Online Event Management System 1.0. This affects an unknown part of the file /api/process.php. The manipulation of the argument userId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259893 was assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2024-3523
Publication date:
09/04/2024
A vulnerability classified as critical was found in Campcodes Online Event Management System 1.0. This vulnerability affects unknown code of the file /views/index.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259894 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2024-3313
Publication date:
09/04/2024
SUBNET Solutions Inc. has identified vulnerabilities in third-party <br /> components used in PowerSYSTEM Server 2021 and Substation Server 2021.
Severity CVSS v4.0: Pending analysis
Last modification:
28/05/2024

CVE-2024-3521
Publication date:
09/04/2024
A vulnerability was found in Byzoro Smart S80 Management Platform up to 20240317. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2024-3556
Publication date:
09/04/2024
Rejected reason: Duplicate of CVE-2024-3557
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2024

CVE-2024-27665
Publication date:
09/04/2024
Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2024

CVE-2024-3446
Publication date:
09/04/2024
A double free vulnerability was found in QEMU virtio devices (virtio-gpu, virtio-serial-bus, virtio-crypto), where the mem_reentrancy_guard flag insufficiently protects against DMA reentrancy issues. This issue could allow a malicious privileged guest user to crash the QEMU process on the host, resulting in a denial of service or allow arbitrary code execution within the context of the QEMU process on the host.
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025
Subscribe to Vulnerabilities