Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-47518
Publication date:
10/01/2025
Specially constructed queries targeting ETM could discover active remote access sessions
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2024-47519
Publication date:
10/01/2025
Backup uploads to ETM subject to man-in-the-middle interception
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2024-47520
Publication date:
10/01/2025
A user with advanced report application access rights can perform actions for which they are not authorized
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2024-7142
Publication date:
10/01/2025
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2024-9131
Publication date:
10/01/2025
A user with administrator privileges can perform command injection
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2024-9132
Publication date:
10/01/2025
The administrator is able to configure an insecure captive portal script
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2024-9133
Publication date:
10/01/2025
A user with administrator privileges is able to retrieve authentication tokens
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2024-47517
Publication date:
10/01/2025
Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2024-5872
Publication date:
10/01/2025
On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2024-7095
Publication date:
10/01/2025
On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.
Severity CVSS v4.0: Pending analysis
Last modification:
14/01/2025

CVE-2024-54997
Publication date:
10/01/2025
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2025

CVE-2024-54998
Publication date:
10/01/2025
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2025
Subscribe to Vulnerabilities