Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-5083

Publication date:
14/11/2024
A stored Cross-site Scripting vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.
Severity CVSS v4.0: MEDIUM
Last modification:
15/11/2024

CVE-2024-40408

Publication date:
13/11/2024
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the Create Profile section. This vulnerability allows attackers to create arbitrary user profiles with elevated privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2024-40410

Publication date:
13/11/2024
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain a hardcoded cryptographic key used for encryption.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2024-40404

Publication date:
13/11/2024
Cybele Software Thinfinity Workspace before v7.0.2.113 was discovered to contain an access control issue in the API endpoint where Web Sockets connections are established.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2024-40405

Publication date:
13/11/2024
Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2024-40407

Publication date:
13/11/2024
A full path disclosure in Cybele Software Thinfinity Workspace before v7.0.2.113 allows attackers to obtain the root path of the application via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2024-50955

Publication date:
13/11/2024
An issue in how XINJE XD5E-24R and XL5E-16T v3.5.3b handle TCP protocol messages allows attackers to cause a Denial of Service (DoS) via a crafted TCP message.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2024-50956

Publication date:
13/11/2024
A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPLC_AM402-CPU1608TPTN 41.38.0.0, and HCPLC_AM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted Modbus message.
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2024

CVE-2024-51027

Publication date:
13/11/2024
Ruijie NBR800G gateway NBR_RGOS_11.1(6)B4P9 is vulnerable to command execution in /itbox_pi/networksafe.php via the province parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2024

CVE-2024-45878

Publication date:
13/11/2024
The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.291), in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting (XSS).
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2024

CVE-2024-45879

Publication date:
13/11/2024
The file upload function in the "QWKalkulation" tool of baltic-it TOPqw Webportal v1.35.287.1 (fixed in version 1.35.291), in /Apps/TOPqw/QWKalkulation/QWKalkulation.aspx, is vulnerable to Cross-Site Scripting (XSS). To exploit the persistent XSS vulnerability, an attacker has to be authenticated to the application that uses the "TOPqw Webportal" as a software. When authenticated, the attacker can persistently place the malicious JavaScript code in the "QWKalkulation" menu.
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2024

CVE-2024-52550

Publication date:
13/11/2024
Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3, does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous build whose (Jenkinsfile) script is no longer approved.
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2025