Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-39583
Publication date:
10/09/2024
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2025

CVE-2024-39582
Publication date:
10/09/2024
Dell PowerScale InsightIQ, version 5.0, contain a Use of hard coded Credentials vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2025

CVE-2024-39574
Publication date:
10/09/2024
Dell PowerScale InsightIQ, version 5.1, contain an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2024-39581
Publication date:
10/09/2024
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to External Parties vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to read, modify, and delete arbitrary files.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2025

CVE-2024-39580
Publication date:
10/09/2024
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains an Improper Access Control vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2025

CVE-2024-7734
Publication date:
10/09/2024
An unauthenticated remote attacker can exploit the behavior of the pathfinder TCP encapsulation service by establishing a high number of TCP connections to the pathfinder TCP encapsulation service. The impact is limited to blocking of valid IPsec VPN peers.
Severity CVSS v4.0: Pending analysis
Last modification:
28/09/2024

CVE-2024-6596
Publication date:
10/09/2024
An unauthenticated remote attacker can run malicious c# code included in curve files and execute commands in the users context.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2024

CVE-2024-7618
Publication date:
10/09/2024
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘content’ parameter in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2024

CVE-2024-7655
Publication date:
10/09/2024
The Community by PeepSo – Social Network, Membership, Registration, User Profiles plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2024

CVE-2024-42424
Publication date:
10/09/2024
Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2024

CVE-2024-42427
Publication date:
10/09/2024
Dell ThinOS versions 2402 and 2405, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2024

CVE-2024-44072
Publication date:
10/09/2024
OS command injection vulnerability exists in BUFFALO wireless LAN routers and wireless LAN repeaters. If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS command may be executed.
Severity CVSS v4.0: Pending analysis
Last modification:
10/09/2024
Subscribe to Vulnerabilities