Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-6293

Publication date:
24/06/2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
26/12/2024

CVE-2024-6290

Publication date:
24/06/2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
26/12/2024

CVE-2024-6291

Publication date:
24/06/2024
Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
26/12/2024

CVE-2024-6292

Publication date:
24/06/2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
26/12/2024

CVE-2024-38903

Publication date:
24/06/2024
H3C Magic R230 V100R002's udpserver opens port 9034, allowing attackers to execute arbitrary commands.
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2025

CVE-2024-38902

Publication date:
24/06/2024
H3C Magic R230 V100R002 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root.
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2025

CVE-2024-38897

Publication date:
24/06/2024
WAVLINK WN551K1'live_check.shtml enables attackers to obtain sensitive router information.
Severity CVSS v4.0: Pending analysis
Last modification:
06/06/2025

CVE-2024-38896

Publication date:
24/06/2024
WAVLINK WN551K1 found a command injection vulnerability through the start_hour parameter of /cgi-bin/nightled.cgi.
Severity CVSS v4.0: Pending analysis
Last modification:
06/06/2025

CVE-2024-38895

Publication date:
24/06/2024
WAVLINK WN551K1'live_mfg.shtml enables attackers to obtain sensitive router information.
Severity CVSS v4.0: Pending analysis
Last modification:
06/06/2025

CVE-2024-38892

Publication date:
24/06/2024
An issue in Wavlink WN551K1 allows a remote attacker to obtain sensitive information via the ExportAllSettings.sh component.
Severity CVSS v4.0: Pending analysis
Last modification:
06/06/2025

CVE-2024-38894

Publication date:
24/06/2024
WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of /cgi-bin/touchlist_sync.cgi.
Severity CVSS v4.0: Pending analysis
Last modification:
06/06/2025

CVE-2023-45196

Publication date:
24/06/2024
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
Severity CVSS v4.0: Pending analysis
Last modification:
25/06/2024