Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are available: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily, through RSS feeds or newsletters, about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-0901

Publication date:
25/03/2024
Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2024

CVE-2024-28421

Publication date:
25/03/2024
SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2024-1973

Publication date:
25/03/2024
By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2024

CVE-2024-21914

Publication date:
25/03/2024
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2024-2873

Publication date:
25/03/2024
A vulnerability was found in wolfSSH's server-side state machine before version 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2024

CVE-2024-29442

Publication date:
25/03/2024
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2024

CVE-2023-47430

Publication date:
25/03/2024
Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via the SendContainer() function at tivo_commands.c.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2024

CVE-2024-29440

Publication date:
25/03/2024
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2024

CVE-2024-2425

Publication date:
25/03/2024
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2024-2426

Publication date:
25/03/2024
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2024-2427

Publication date:
25/03/2024
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2024-29179

Publication date:
25/03/2024
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2025