Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-45442
Publication date:
04/09/2024
Vulnerability of permission verification for APIs in the DownloadProviderMain module<br /> Impact: Successful exploitation of this vulnerability will affect availability.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2024-45450
Publication date:
04/09/2024
Permission control vulnerability in the software update module.<br /> Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2024

CVE-2024-42039
Publication date:
04/09/2024
Access control vulnerability in the SystemUI module<br /> Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2025

CVE-2024-45441
Publication date:
04/09/2024
Input verification vulnerability in the system service module<br /> Impact: Successful exploitation of this vulnerability will affect availability.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2024

CVE-2024-41716
Publication date:
04/09/2024
Cleartext storage of sensitive information vulnerability exists in WindLDR and WindO/I-NV4. If this vulnerability is exploited, an attacker who obtained the product&amp;#39;s project file may obtain user credentials of the PLC or Operator Interfaces. As a result, an attacker may be able to manipulate and/or suspend the PLC and Operator Interfaces by accessing or hijacking them.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2024-41927
Publication date:
04/09/2024
Cleartext transmission of sensitive information vulnerability exists in multiple IDEC PLCs. If an attacker sends a specific command to PLC&amp;#39;s serial communication port, user credentials may be obtained. As a result, the program of the PLC may be obtained, and the PLC may be manipulated.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2025

CVE-2024-7970
Publication date:
03/09/2024
Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2025

CVE-2024-8362
Publication date:
03/09/2024
Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2025

CVE-2024-45617
Publication date:
03/09/2024
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. <br /> <br /> Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-45618
Publication date:
03/09/2024
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. <br /> <br /> Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-45619
Publication date:
03/09/2024
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-45620
Publication date:
03/09/2024
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025
Subscribe to Vulnerabilities