Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-2045
Publication date:
06/03/2025
Improper authorization in GitLab EE affecting all versions from 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 allow users with limited permissions to access to potentially sensitive project analytics data.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025

CVE-2025-1666
Publication date:
06/03/2025
The Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the send_uninstall_survey() function in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit the uninstall survey on behalf of a website.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025

CVE-2025-1696
Publication date:
06/03/2025
A vulnerability exists in Docker Desktop prior to version 4.39.0 that could lead to the unintentional disclosure of sensitive information via application logs. In affected versions, proxy configuration data—potentially including sensitive details—was written to log files in clear text whenever an HTTP GET request was made through a proxy. An attacker with read access to these logs could obtain the proxy information and leverage it for further attacks or unauthorized access. Starting with version 4.39.0, Docker Desktop no longer logs the proxy string, thereby mitigating this risk.
Severity CVSS v4.0: MEDIUM
Last modification:
06/03/2025

CVE-2025-1383
Publication date:
06/03/2025
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.2. This is due to missing or incorrect nonce validation on the ajax_transcript_delete() function. This makes it possible for unauthenticated attackers to delete arbitrary episode transcripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2025

CVE-2024-7872
Publication date:
06/03/2025
Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data.This issue affects Extreme XDS: before 3933.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025

CVE-2024-56195
Publication date:
06/03/2025
Improper Access Control vulnerability in Apache Traffic Server.<br /> <br /> This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3.<br /> <br /> Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2024-56196
Publication date:
06/03/2025
Improper Access Control vulnerability in Apache Traffic Server.<br /> <br /> This issue affects Apache Traffic Server: from 10.0.0 through 10.0.3.<br /> <br /> Users are recommended to upgrade to version 10.0.4, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2025

CVE-2024-38311
Publication date:
06/03/2025
Improper Input Validation vulnerability in Apache Traffic Server.<br /> <br /> This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3.<br /> <br /> Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2024-56202
Publication date:
06/03/2025
Expected Behavior Violation vulnerability in Apache Traffic Server.<br /> <br /> This issue affects Apache Traffic Server: from 9.0.0 through 9.2.8, from 10.0.0 through 10.0.3.<br /> <br /> Users are recommended to upgrade to versions 9.2.9 or 10.0.4 or newer, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2025-1672
Publication date:
06/03/2025
The Notibar – Notification Bar for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025

CVE-2024-13902
Publication date:
06/03/2025
A vulnerability, which was classified as problematic, was found in huang-yk student-manage 1.0. This affects an unknown part of the component Edit a Student Information Page. The manipulation of the argument Class leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
06/03/2025

CVE-2025-1540
Publication date:
06/03/2025
An issue has been discovered in GitLab CE/EE for Self-Managed and Dedicated instances affecting all versions from 17.5 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2. It was possible for a user added as an External to read and clone internal projects under certain circumstances."
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025
Subscribe to Vulnerabilities