Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-0866

Publication date:
26/03/2024
The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2024

CVE-2024-2732

Publication date:
26/03/2024
The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2025

CVE-2024-29303

Publication date:
26/03/2024
The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection.
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2024-29302

Publication date:
26/03/2024
SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php.
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2024-29301

Publication date:
26/03/2024
SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id=
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2024-0901

Publication date:
25/03/2024
Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2024

CVE-2024-28421

Publication date:
25/03/2024
SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2024-1973

Publication date:
25/03/2024
By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2024

CVE-2024-21914

Publication date:
25/03/2024
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2024-2873

Publication date:
25/03/2024
A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2024

CVE-2024-29442

Publication date:
25/03/2024
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2024

CVE-2023-47430

Publication date:
25/03/2024
Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via the SendContainer() function at tivo_commands.c.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2024