Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible, with different criteria available to narrow down the results, such as vulnerability type, manufacturer and impact level.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-39254

Publication date:
01/03/2024
Dell Update Package (DUP) versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2023-48674

Publication date:
01/03/2024
Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2024-2078

Publication date:
01/03/2024
A Cross-Site Scripting (XSS) vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. This vulnerability could allow an attacker to send a specially crafted JavaScript payload within the email field and partially take control of an authenticated user's browser session.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-2057

Publication date:
01/03/2024
A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.27 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-255372.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-2059

Publication date:
01/03/2024
A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_crud.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-255374 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
10/12/2024

CVE-2024-26280

Publication date:
01/03/2024
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2025

CVE-2024-2058

Publication date:
01/03/2024
A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/product.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255373 was assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
10/12/2024

CVE-2024-22457

Publication date:
01/03/2024
Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.
Severity CVSS v4.0: Pending analysis
Last modification:
04/12/2024

CVE-2024-22458

Publication date:
01/03/2024
Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.
Severity CVSS v4.0: Pending analysis
Last modification:
04/12/2024

CVE-2024-1120

Publication date:
01/03/2024
The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2026

CVE-2024-25972

Publication date:
01/03/2024
Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected product.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-0692

Publication date:
01/03/2024
The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
21/01/2025