Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-52519
Publication date:
15/11/2024
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2025

CVE-2024-44625
Publication date:
15/11/2024
Gogs
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2024-50653
Publication date:
15/11/2024
CRMEB
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2024-50654
Publication date:
15/11/2024
lilishop
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2024-50655
Publication date:
15/11/2024
emlog pro
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2024-52515
Publication date:
15/11/2024
Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview the other file instead. It is recommended that the Nextcloud Server is upgraded to 27.1.10, 28.0.6 or 29.0.1 and Nextcloud Enterprise Server is upgraded to 24.0.12.15, 25.0.13.10, 26.0.13.4, 27.1.10, 28.0.6 or 29.0.1.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2025

CVE-2024-11247
Publication date:
15/11/2024
A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity CVSS v4.0: MEDIUM
Last modification:
19/11/2024

CVE-2024-11248
Publication date:
15/11/2024
A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: HIGH
Last modification:
19/11/2024

CVE-2024-39726
Publication date:
15/11/2024
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Severity CVSS v4.0: Pending analysis
Last modification:
19/11/2024

CVE-2021-34752
Publication date:
15/11/2024
A vulnerability in the CLI of Cisco&amp;nbsp;FTD Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands with root privileges on the underlying operating system of an affected device.&amp;nbsp;<br /> <br /> This vulnerability is due to insufficient validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input to the affected commands. A successful exploit could allow the attacker to execute commands with root privileges on the underlying operating system.<br /> Cisco&amp;nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2024

CVE-2021-34753
Publication date:
15/11/2024
A vulnerability in the payload inspection for Ethernet Industrial Protocol (ENIP) traffic for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured rules for ENIP traffic.<br /> <br /> This vulnerability is due to incomplete processing during deep packet inspection for ENIP packets. An attacker could exploit this vulnerability by sending a crafted ENIP packet to the targeted interface. A successful exploit could allow the attacker to bypass configured access control and intrusion policies that should trigger and drop for the ENIP packet.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2025

CVE-2022-20632
Publication date:
15/11/2024
A vulnerability in the web-based management interface of Cisco&amp;nbsp;ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.<br /> The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco&amp;nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2025
Subscribe to Vulnerabilities