Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-46902
Publication date:
22/10/2024
A vulnerability in Trend Micro Deep Discovery Inspector (DDI) versions 5.8 and above could allow an attacker to disclose sensitive information affected installations.<br /> <br /> Please note: an attacker must first obtain the ability to execute high-privileged code (admin user rights) on the target system in order to exploit this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2024

CVE-2024-48904
Publication date:
22/10/2024
An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances.<br /> <br /> Please note: authentication is not required in order to exploit this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2025

CVE-2024-41183
Publication date:
22/10/2024
Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2025

CVE-2024-45334
Publication date:
22/10/2024
Trend Micro Antivirus One versions 3.10.4 and below (Consumer) is vulnerable to an Arbitrary Configuration Update that could allow unauthorized access to product configurations and functions.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2024-45335
Publication date:
22/10/2024
Trend Micro Antivirus One, version 3.10.4 and below contains a vulnerability that could allow an attacker to use a specifically crafted virus to allow itself to bypass and evade a virus scan detection.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2024-39753
Publication date:
22/10/2024
An modOSCE SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations.<br /> <br /> Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2025

CVE-2024-10183
Publication date:
22/10/2024
A vulnerability in Jamf Pro&amp;#39;s Jamf Remote Assist tool allows a local, non-privileged user to escalate their privileges to root on MacOS systems.
Severity CVSS v4.0: MEDIUM
Last modification:
23/10/2024

CVE-2024-49211
Publication date:
22/10/2024
Reflected XSS was discovered in a Dashboard Listing Archer Platform UX page in Archer Platform 6.x before version 2024.08. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and executed by the web browser in the context of the vulnerable web application.
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2024

CVE-2024-9129
Publication date:
22/10/2024
In versions of Zend Server 8.5 and prior to version 9.2 a format string injection was discovered. <br /> <br /> Reported by Dylan Marino
Severity CVSS v4.0: CRITICAL
Last modification:
23/10/2024

CVE-2024-9287
Publication date:
22/10/2024
A vulnerability has been found in the CPython `venv` module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that attacker-controlled virtual environments are able to run commands when the virtual environment is activated. Virtual environments which are not created by an attacker or which aren&amp;#39;t activated before being used (ie "./venv/bin/python") are not affected.
Severity CVSS v4.0: MEDIUM
Last modification:
03/11/2025

CVE-2024-49209
Publication date:
22/10/2024
Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. A remote unprivileged attacker could potentially exploit this vulnerability to elevate their privileges and upload additional system icons.
Severity CVSS v4.0: Pending analysis
Last modification:
14/03/2025

CVE-2024-49210
Publication date:
22/10/2024
Reflected XSS was discovered in an iView List Archer Platform UX page in Archer Platform 6.x before version 2024.09. A remote unauthenticated attacker could potentially exploit this by tricking a victim application user into supplying malicious HTML or JavaScript code to the vulnerable web application; the malicious code is then reflected back to the victim and executed by the web browser in the context of the vulnerable web application.
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2024
Subscribe to Vulnerabilities