Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database): under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-43496

Publication date:
19/09/2024
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-38221

Publication date:
19/09/2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-9001

Publication date:
19/09/2024
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2024

CVE-2024-25673

Publication date:
19/09/2024
Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2025

CVE-2024-33109

Publication date:
19/09/2024
Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2024-40125

Publication date:
19/09/2024
An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the upload endpoint.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024

CVE-2024-47160

Publication date:
19/09/2024
In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2024

CVE-2024-47162

Publication date:
19/09/2024
In JetBrains YouTrack before 2024.3.44799 token could be revealed on Imports page
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2024

CVE-2024-8963

Publication date:
19/09/2024
Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.
Severity CVSS v4.0: Pending analysis
Last modification:
24/10/2025

CVE-2024-47159

Publication date:
19/09/2024
In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2024

CVE-2024-8651

Publication date:
19/09/2024
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ . Versions 6.4.0.24248 and on have the patch.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-8652

Publication date:
19/09/2024
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific path on the site. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ . Versions 6.4.0.24248 and on have the patch.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024