Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-57513
Publication date:
29/01/2025
A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in Bento4.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2025-0842
Publication date:
29/01/2025
A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
25/02/2025

CVE-2025-0851
Publication date:
29/01/2025
A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.
Severity CVSS v4.0: CRITICAL
Last modification:
14/10/2025

CVE-2024-48761
Publication date:
29/01/2025
Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the "erro" parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
23/05/2025

CVE-2024-51182
Publication date:
29/01/2025
HTML Injection vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary HTML code via the "erro" parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
23/05/2025

CVE-2024-54851
Publication date:
29/01/2025
Teedy
Severity CVSS v4.0: Pending analysis
Last modification:
23/05/2025

CVE-2024-54852
Publication date:
29/01/2025
When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various malicious actions, such as creating arbitrary accounts and spraying passwords.
Severity CVSS v4.0: Pending analysis
Last modification:
24/05/2025

CVE-2024-57395
Publication date:
29/01/2025
Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2024-57509
Publication date:
29/01/2025
Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2024-57510
Publication date:
29/01/2025
Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2025

CVE-2024-11187
Publication date:
29/01/2025
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources processing the queries. Zones will usually need to have been deliberately crafted to attack this exposure.<br /> This issue affects BIND 9 versions 9.11.0 through 9.11.37, 9.16.0 through 9.16.50, 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, 9.11.3-S1 through 9.11.37-S1, 9.16.8-S1 through 9.16.50-S1, and 9.18.11-S1 through 9.18.32-S1.
Severity CVSS v4.0: Pending analysis
Last modification:
11/02/2025

CVE-2024-12705
Publication date:
29/01/2025
Clients using DNS-over-HTTPS (DoH) can exhaust a DNS resolver&amp;#39;s CPU and/or memory by flooding it with crafted valid or invalid HTTP/2 traffic.<br /> This issue affects BIND 9 versions 9.18.0 through 9.18.32, 9.20.0 through 9.20.4, 9.21.0 through 9.21.3, and 9.18.11-S1 through 9.18.32-S1.
Severity CVSS v4.0: Pending analysis
Last modification:
07/02/2025
Subscribe to Vulnerabilities