Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

RSS feeds and newsletters provide daily information about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-22032

Publication date:
16/10/2024
A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled. When reconciling, the Kube API secret values are written in plaintext on the AppliedSpec. Cluster owners, Cluster members, and Project members (for projects within the cluster), all have RBAC permissions to view the cluster object from the apiserver.
Severity CVSS v4.0: HIGH
Last modification:
16/10/2024

CVE-2024-22033

Publication date:
16/10/2024
The OBS service obs-service-download_url was vulnerable to a command injection vulnerability. The attacker could provide a configuration to the service that allowed commands to be executed in later steps.
Severity CVSS v4.0: MEDIUM
Last modification:
16/10/2024

CVE-2024-22034

Publication date:
16/10/2024
Attackers could put the special files in .osc into the actual package sources (e.g. _apiurl). This allows the attacker to change the configuration of osc for the victim.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024

CVE-2024-47351

Publication date:
16/10/2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The CSSIgniter Team MaxSlider allows Path Traversal. This issue affects MaxSlider: from n/a through 1.2.3.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024

CVE-2023-32189

Publication date:
16/10/2024
Insecure handling of SSH keys used to bootstrap clients allows local attackers to potentially gain access to the keys.
Severity CVSS v4.0: MEDIUM
Last modification:
29/10/2024

CVE-2024-22029

Publication date:
16/10/2024
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2025

CVE-2024-22030

Publication date:
16/10/2024
A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024

CVE-2024-49247

Publication date:
16/10/2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza BuddyPress Better Registration allows Authentication Bypass. This issue affects BuddyPress Better Registration: from n/a through 1.6.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024

CVE-2024-49257

Publication date:
16/10/2024
Unrestricted Upload of File with Dangerous Type vulnerability in Denis Azz Anonim Posting allows Upload a Web Shell to a Web Server. This issue affects Azz Anonim Posting: from n/a through 0.9.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024

CVE-2024-49271

Publication date:
16/10/2024
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Unlimited Elements Unlimited Elements For Elementor (Free Widgets, Addons, Templates) allows Command Injection. This issue affects Unlimited Elements For Elementor (Free Widgets, Addons, Templates): from n/a through 1.5.121.
Severity CVSS v4.0: Pending analysis
Last modification:
05/02/2025

CVE-2023-32196

Publication date:
16/10/2024
A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplate objects when external=true, which in specific scenarios can lead to privilege escalation.
Severity CVSS v4.0: HIGH
Last modification:
16/10/2024

CVE-2024-10023

Publication date:
16/10/2024
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
21/10/2024