Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-25196
Publication date:
20/02/2024
Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2024-25197
Publication date:
20/02/2024
Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2024-25198
Publication date:
20/02/2024
Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2024-25199
Publication date:
20/02/2024
Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2024-26268
Publication date:
20/02/2024
User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2025

CVE-2024-26270
Publication date:
20/02/2024
The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password.
Severity CVSS v4.0: Pending analysis
Last modification:
28/01/2025

CVE-2023-42791
Publication date:
20/02/2024
A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2024

CVE-2023-50306
Publication date:
20/02/2024
IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2025

CVE-2024-1546
Publication date:
20/02/2024
When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2024-1547
Publication date:
20/02/2024
Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2025

CVE-2024-1548
Publication date:
20/02/2024
A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2024-1549
Publication date:
20/02/2024
If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025
Subscribe to Vulnerabilities