Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) through a partnership agreement under which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches can narrow the results by criteria such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-48683

Publication date:
10/06/2024
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2024

CVE-2024-22279

Publication date:
10/06/2024
Improper handling of requests in Routing Release > v0.273.0 and
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2024

CVE-2022-32933

Publication date:
10/06/2024
An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2024-36409

Publication date:
10/06/2024
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2024

CVE-2024-36410

Publication date:
10/06/2024
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2024

CVE-2024-31612

Publication date:
10/06/2024
Emlog pro2.3 is vulnerable to Cross Site Request Forgery (CSRF) via twitter.php, which can be used with an XSS vulnerability to access administrator information.
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2024

CVE-2024-5597

Publication date:
10/06/2024
Fuji Electric Monitouch V-SFT is vulnerable to a type confusion, which could cause a crash or code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2024

CVE-2024-5102

Publication date:
10/06/2024
A sym-linked file accessed via the repair function in Avast Antivirus troubleshooting -> repair) feature, which attempts to delete a file in the current user's AppData directory as NT AUTHORITY\SYSTEM. A low-privileged user can make a pseudo-symlink and a junction folder and point to a file on the system. This can provide a low-privileged user an Elevation of Privilege to win a race-condition which will re-create the system files and make Windows callback to a specially-crafted file which could be used to launch a privileged shell instance. This issue affects Avast Antivirus prior to 24.2.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2024

CVE-2024-3850

Publication date:
10/06/2024
Uniview NVR301-04S2-P4 is vulnerable to a reflected cross-site scripting (XSS) attack. An attacker could send a user a URL that, if clicked on, could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity are limited. Also, even if JavaScript is executed, no additional benefits are obtained.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2024

CVE-2024-36407

Publication date:
10/06/2024
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset by an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is also dependent on some password reset functionalities being enabled. It also requires the system using PHP 7, which is not an officially supported version. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2024

CVE-2024-36408

Publication date:
10/06/2024
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2024

CVE-2024-35749

Publication date:
10/06/2024
Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass. This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2024