Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, of all the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-41519

Publication date:
02/08/2024
Feripro
Severity CVSS v4.0: Pending analysis
Last modification:
29/10/2024

CVE-2024-41310

Publication date:
02/08/2024
AndServer 2.1.12 is vulnerable to Directory Traversal.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2024-41517

Publication date:
02/08/2024
An Incorrect Access Control vulnerability in "/admin/benutzer/institution/rechteverwaltung/uebersicht" in Feripro
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2024

CVE-2024-41518

Publication date:
02/08/2024
An Incorrect Access Control vulnerability in "/admin/programm//export/statistics" in Feripro
Severity CVSS v4.0: Pending analysis
Last modification:
03/09/2024

CVE-2024-7029

Publication date:
02/08/2024
Commands can be injected over the network and executed without authentication.
Severity CVSS v4.0: HIGH
Last modification:
17/09/2024

CVE-2024-41127

Publication date:
02/08/2024
Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the Monkey CI workflow completes. When it runs, it will download an artifact uploaded by the triggering workflow and assign the contents of ./pr_num/pr_num.txt artifact to the steps.pr_num_reader.outputs.content WorkFlow variable. It is not validated that the variable is actually a number and later it is interpolated into a JS script allowing an attacker to change the code to be executed. This issue leads to pull-requests write access. This vulnerability is fixed in 24.30.0.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2024-38890

Publication date:
02/08/2024
An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025

CVE-2024-7323

Publication date:
02/08/2024
Digiwin EasyFlow .NET lacks proper access control for specific functionality, and the functionality does not adequately filter user input. A remote attacker with regular privilege can exploit this vulnerability to download arbitrary files from the remote server.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2024

CVE-2024-40721

Publication date:
02/08/2024
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2024

CVE-2024-40722

Publication date:
02/08/2024
The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily disrupting its service.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2024

CVE-2024-40723

Publication date:
02/08/2024
The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily disrupting its service.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2024

CVE-2024-6704

Publication date:
02/08/2024
The Comments – wpDiscuz plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 7.6.21. This is due to a lack of filtering of HTML tags in comments. This makes it possible for unauthenticated attackers to add HTML such as hyperlinks to comments when rich editing is disabled.
Severity CVSS v4.0: Pending analysis
Last modification:
05/06/2025