Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-12700
Publication date:
19/12/2024
There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web server.
Severity CVSS v4.0: HIGH
Last modification:
19/12/2024

CVE-2024-54984
Publication date:
19/12/2024
An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message. NOTE: this is disputed by the supplier.
Severity CVSS v4.0: Pending analysis
Last modification:
07/01/2025

CVE-2024-54982
Publication date:
19/12/2024
An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authentication via a crafted NAS message. NOTE: Quectel disputes this because the issue is in the chipset supply chain and is not localized to one or more Quectel products.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2025

CVE-2024-54983
Publication date:
19/12/2024
An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2024

CVE-2024-2201
Publication date:
19/12/2024
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2025

CVE-2024-12727
Publication date:
19/12/2024
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2024

CVE-2024-12728
Publication date:
19/12/2024
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2024

CVE-2024-12729
Publication date:
19/12/2024
A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2024

CVE-2024-12175
Publication date:
19/12/2024
Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
Severity CVSS v4.0: HIGH
Last modification:
13/03/2025

CVE-2024-11157
Publication date:
19/12/2024
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
Severity CVSS v4.0: HIGH
Last modification:
13/03/2025

CVE-2024-12672
Publication date:
19/12/2024
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
Severity CVSS v4.0: HIGH
Last modification:
03/04/2025

CVE-2024-11364
Publication date:
19/12/2024
Another “uninitialized variable” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor.
Severity CVSS v4.0: HIGH
Last modification:
11/07/2025
Subscribe to Vulnerabilities