Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-11318
Publication date:
18/11/2024
An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the "/cgi-bin/ocap/" endpoint.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2024

CVE-2024-8781
Publication date:
18/11/2024
Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse.This issue affects Application Security Platform (ASP): v1.4.25.188.
Severity CVSS v4.0: HIGH
Last modification:
18/11/2024

CVE-2024-9526
Publication date:
18/11/2024
There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a stored XSS. We recommend upgrading past commit 930c35f1c543998e60e8d648ce93185c9b5dbe8d
Severity CVSS v4.0: HIGH
Last modification:
23/07/2025

CVE-2024-11303
Publication date:
18/11/2024
The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601: through 1.2.
Severity CVSS v4.0: HIGH
Last modification:
21/11/2024

CVE-2024-3370
Publication date:
18/11/2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Website Template allows SQL Injection.This issue affects Website Template: before 29.04.2024.
Severity CVSS v4.0: HIGH
Last modification:
18/11/2024

CVE-2024-52318
Publication date:
18/11/2024
Incorrect object recycling and reuse vulnerability in Apache Tomcat.<br /> <br /> This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96.<br /> <br /> Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2025

CVE-2024-48897
Publication date:
18/11/2024
A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2024-48896
Publication date:
18/11/2024
A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users&amp;#39; names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2024-48898
Publication date:
18/11/2024
A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2024-48901
Publication date:
18/11/2024
A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2024

CVE-2024-52317
Publication date:
18/11/2024
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests <br /> could lead to request and/or response mix-up between users.<br /> <br /> This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95.<br /> <br /> Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2025

CVE-2024-52316
Publication date:
18/11/2024
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way.<br /> <br /> This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.<br /> <br /> The following versions were EOL at the time the CVE was created but are <br /> known to be affected: 8.5.0 though 8.5.100. Other EOL versions may also be affected.<br /> <br /> <br /> Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2025
Subscribe to Vulnerabilities