Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-24759

Publication date:
05/09/2024
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2024-45392

Publication date:
05/09/2024
SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2024-44727

Publication date:
05/09/2024
Sourcecodehero Event Management System 1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php.
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2024-44728

Publication date:
05/09/2024
Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact# in /clientdetails/admin/regester.php.
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2024-45097

Publication date:
05/09/2024
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2024-45098

Publication date:
05/09/2024
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2024-45176

Publication date:
05/09/2024
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to insufficient user input validation.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2025

CVE-2024-45171

Publication date:
05/09/2024
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup files allows an authenticated user to upload arbitrary files. The only condition is that the filename contains a .cbkf string. Therefore, webshell.cbkf.php is considered a valid file name for the C-MOR web application. Uploaded files are stored within the directory "/srv/www/backups" on the C-MOR system, and can thus be accessed via the URL https:///backup/upload_. Due to broken access control, low-privileged authenticated users can also use this file upload functionality.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2025

CVE-2024-45175

Publication date:
05/09/2024
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a path traversal attack, has access to the login data of all configured cameras, or the configured FTP server.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2025

CVE-2024-45589

Publication date:
05/09/2024
RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2024

CVE-2024-45096

Publication date:
05/09/2024
IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2024-42885

Publication date:
05/09/2024
SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025