Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-52917
Publication date:
18/11/2024
Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025

CVE-2024-52918
Publication date:
18/11/2024
Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2024

CVE-2024-52919
Publication date:
18/11/2024
Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025

CVE-2024-52920
Publication date:
18/11/2024
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025

CVE-2015-20111
Publication date:
18/11/2024
miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2024

CVE-2024-11306
Publication date:
18/11/2024
A vulnerability, which was classified as critical, has been found in Altenergy Power Control Software up to 20241108. This issue affects some unknown processing of the file /index.php/display/database/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: MEDIUM
Last modification:
18/11/2024

CVE-2024-11305
Publication date:
18/11/2024
A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function get_status_zigbee of the file /index.php/display/status_zigbee. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: MEDIUM
Last modification:
18/11/2024

CVE-2023-43091
Publication date:
17/11/2024
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2025

CVE-2023-6110
Publication date:
17/11/2024
A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in it's scope, it deletes other existing access rules which are not associated with any application credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
05/12/2024

CVE-2024-0793
Publication date:
17/11/2024
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2024

CVE-2023-0657
Publication date:
17/11/2024
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2024

CVE-2023-1419
Publication date:
17/11/2024
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2024
Subscribe to Vulnerabilities