Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-22918

Publication date:
03/02/2025
Polycom RealPresence Group 500
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2025-24370

Publication date:
03/02/2025
Django-Unicorn adds modern reactive component functionality to Django templates. Affected versions of Django-Unicorn are vulnerable to Python class pollution. The vulnerability arises from the core functionality `set_property_value`, which users can trigger remotely by crafting appropriate component requests and supplying values for the second and third parameters of the vulnerable function, leading to arbitrary changes to the Python runtime status. At least five ways of exploiting this vulnerability have been observed, reliably resulting in Cross-Site Scripting (XSS), Denial of Service (DoS), and Authentication Bypass attacks in almost every Django-Unicorn-based application. This issue has been addressed in version 0.62.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity CVSS v4.0: CRITICAL
Last modification:
03/02/2025

CVE-2024-56898

Publication date:
03/02/2025
Broken access control vulnerability in Geovision GV-ASWeb version v6.1.0.0 or less. This vulnerability allows low-privilege users to perform actions that they aren't authorized to perform, which can be leveraged to escalate privileges and to create, modify or delete accounts.
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2025

CVE-2024-56901

Publication date:
03/02/2025
A Cross-Site Request Forgery (CSRF) vulnerability in the Geovision GV-ASWeb application, version 6.1.1.0 or less, allows attackers to arbitrarily create Administrator accounts via a crafted GET request. This vulnerability is used in a chain with CVE-2024-56903 for a successful CSRF attack.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-56902

Publication date:
03/02/2025
Information disclosure vulnerability in the Geovision GV-ASManager web application, version v6.1.0.0 or less, which discloses account information, including the cleartext password.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-56903

Publication date:
03/02/2025
Geovision GV-ASWeb version 6.1.1.0 or less allows attackers to replace the POST request method with GET against critical functionality, such as account management. This vulnerability is used in a chain with CVE-2024-56901 for a successful CSRF attack.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-57451

Publication date:
03/02/2025
ChestnutCMS
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2025

CVE-2023-52164

Publication date:
03/02/2025
access_device.cgi on Digiever DS-2105 Pro 3.1.0.71-11 devices allows arbitrary file read. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2024-34896

Publication date:
03/02/2025
An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife iOS v1.4.0 causes users who are disconnected from a previous peer-to-peer connection with the device to still have access to the live video feed.
Severity CVSS v4.0: Pending analysis
Last modification:
14/03/2025

CVE-2024-34897

Publication date:
03/02/2025
Nedis SmartLife Android app v1.4.0 was discovered to contain an API key disclosure vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2024-44449

Publication date:
03/02/2025
Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page.
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2025

CVE-2023-52163

Publication date:
03/02/2025
Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2025