Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-0223
Publication date:
04/01/2024
Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
18/06/2025

CVE-2024-20808
Publication date:
04/01/2024
Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2024

CVE-2024-20809
Publication date:
04/01/2024
Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2024

CVE-2024-20802
Publication date:
04/01/2024
Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2024

CVE-2024-20803
Publication date:
04/01/2024
Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2024

CVE-2024-20804
Publication date:
04/01/2024
Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2024

CVE-2024-20806
Publication date:
04/01/2024
Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2024

CVE-2024-20807
Publication date:
04/01/2024
Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local attacker to get sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2024

CVE-2024-20805
Publication date:
04/01/2024
Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2025

CVE-2023-50256
Publication date:
03/01/2024
Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2024

CVE-2023-5138
Publication date:
03/01/2024
Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B.
Severity CVSS v4.0: Pending analysis
Last modification:
27/09/2024

CVE-2024-21634
Publication date:
03/01/2024
Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2024
Subscribe to Vulnerabilities