Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-9472

Publication date:
14/11/2024
A null pointer dereference in Palo Alto Networks PAN-OS software on PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series hardware platforms when Decryption policy is enabled allows an unauthenticated attacker to crash PAN-OS by sending specific traffic through the data plane, resulting in a denial of service (DoS) condition. Repeated attempts to trigger this condition will result in PAN-OS entering maintenance mode.

Palo Alto Networks VM-Series, Cloud NGFW, and Prisma Access are not affected.

This issue only affects PA-800 Series, PA-3200 Series, PA-5200 Series, and PA-7000 Series running these specific versions of PAN-OS:

* 10.2.7-h12
* 10.2.8-h10
* 10.2.9-h9
* 10.2.9-h11
* 10.2.10-h2
* 10.2.10-h3
* 10.2.11
* 10.2.11-h1
* 10.2.11-h2
* 10.2.11-h3
* 11.1.2-h9
* 11.1.2-h12
* 11.1.3-h2
* 11.1.3-h4
* 11.1.3-h6
* 11.2.2
* 11.2.2-h1

Severity CVSS v4.0: HIGH
Last modification:
15/11/2024

CVE-2024-50305

Publication date:
14/11/2024
Valid Host header field can cause Apache Traffic Server to crash on some platforms.

This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5.

Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2025

CVE-2024-5917

Publication date:
14/11/2024
A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.
Severity CVSS v4.0: LOW
Last modification:
24/01/2025

CVE-2024-5918

Publication date:
14/11/2024
An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."
Severity CVSS v4.0: MEDIUM
Last modification:
01/10/2025

CVE-2024-50306

Publication date:
14/11/2024
Unchecked return value can allow Apache Traffic Server to retain privileges on startup.

This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1.

Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.

Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-47915

Publication date:
14/11/2024
VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2024

CVE-2024-47916

Publication date:
14/11/2024
Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2024

CVE-2024-45254

Publication date:
14/11/2024
VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2024

CVE-2024-47914

Publication date:
14/11/2024
VaeMendis - CWE-352: Cross-Site Request Forgery (CSRF)
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2024

CVE-2024-45253

Publication date:
14/11/2024
Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2024

CVE-2024-38479

Publication date:
14/11/2024
Improper Input Validation vulnerability in Apache Traffic Server.

This issue affects Apache Traffic Server: from 8.0.0 through 8.1.11, from 9.0.0 through 9.2.5.

Users are recommended to upgrade to version 9.2.6, which fixes the issue, or 10.0.2, which does not have the issue.

Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-2550

Publication date:
14/11/2024
A null pointer dereference vulnerability in the GlobalProtect gateway in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop the GlobalProtect service on the firewall by sending a specially crafted packet that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.
Severity CVSS v4.0: HIGH
Last modification:
24/01/2025