Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-26601
Publication date:
26/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext4: regenerate buddy after block freeing failed if under fc replay<br /> <br /> This mostly reverts commit 6bd97bf273bd ("ext4: remove redundant<br /> mb_regenerate_buddy()") and reintroduces mb_regenerate_buddy(). Based on<br /> code in mb_free_blocks(), fast commit replay can end up marking as free<br /> blocks that are already marked as such. This causes corruption of the<br /> buddy bitmap so we need to regenerate it in that case.
Severity CVSS v4.0: Pending analysis
Last modification:
05/11/2024

CVE-2024-26465
Publication date:
26/02/2024
A DOM based cross-site scripting (XSS) vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL.
Severity CVSS v4.0: Pending analysis
Last modification:
25/11/2024

CVE-2024-25763
Publication date:
26/02/2024
openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c.
Severity CVSS v4.0: Pending analysis
Last modification:
06/12/2024

CVE-2024-25913
Publication date:
26/02/2024
Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a through 6.2.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2025

CVE-2024-25925
Publication date:
26/02/2024
Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees &amp; Discounts.This issue affects WooCommerce Easy Checkout Field Editor, Fees &amp; Discounts: from n/a through 3.5.12.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2025

CVE-2024-25909
Publication date:
26/02/2024
Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2025

CVE-2024-26466
Publication date:
26/02/2024
A DOM based cross-site scripting (XSS) vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL.
Severity CVSS v4.0: Pending analysis
Last modification:
19/05/2025

CVE-2024-26467
Publication date:
26/02/2024
A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2025

CVE-2024-26468
Publication date:
26/02/2024
A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2025

CVE-2024-24568
Publication date:
26/02/2024
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2024

CVE-2024-23839
Publication date:
26/02/2024
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2024

CVE-2024-25410
Publication date:
26/02/2024
flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025
Subscribe to Vulnerabilities