Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-25770
Publication date:
26/02/2024
libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2024-25768
Publication date:
26/02/2024
OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2024-26455
Publication date:
26/02/2024
fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2020-36775
Publication date:
26/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix to avoid potential deadlock<br /> <br /> Using f2fs_trylock_op() in f2fs_write_compressed_pages() to avoid potential<br /> deadlock like we did in f2fs_write_single_data_page().
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2025

CVE-2019-25160
Publication date:
26/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netlabel: fix out-of-bounds memory accesses<br /> <br /> There are two array out-of-bounds memory accesses, one in<br /> cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both<br /> errors are embarassingly simple, and the fixes are straightforward.<br /> <br /> As a FYI for anyone backporting this patch to kernels prior to v4.8,<br /> you&amp;#39;ll want to apply the netlbl_bitmap_walk() patch to<br /> cipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn&amp;#39;t exist before<br /> Linux v4.8.
Severity CVSS v4.0: Pending analysis
Last modification:
17/04/2024

CVE-2019-25161
Publication date:
26/02/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2024

CVE-2024-27088
Publication date:
26/02/2024
es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2024-27081
Publication date:
26/02/2024
ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. This vulnerability is patched in 2024.2.1.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/02/2025

CVE-2024-27087
Publication date:
26/02/2024
Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don&amp;#39;t fit any of the pre-defined link formats. As the "Custom" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2024

CVE-2024-24402
Publication date:
26/02/2024
An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2025

CVE-2024-25767
Publication date:
26/02/2024
nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2025

CVE-2024-24401
Publication date:
26/02/2024
SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2025
Subscribe to Vulnerabilities