Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-4555
Publication date:
28/08/2024
Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1
Severity CVSS v4.0: Pending analysis
Last modification:
06/10/2025

CVE-2021-38122
Publication date:
28/08/2024
A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information.<br /> This issue affects NetIQ Advance Authentication before 6.3.5.1
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2024-45346
Publication date:
28/08/2024
The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2025

CVE-2021-38120
Publication date:
28/08/2024
A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper<br /> handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2021-38121
Publication date:
28/08/2024
Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices.  This issue affects NetIQ Advance Authentication versions before 6.3.5.1
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2021-22529
Publication date:
28/08/2024
A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2021-22530
Publication date:
28/08/2024
A vulnerability identified in NetIQ Advance Authentication that doesn&amp;#39;t enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2021-22509
Publication date:
28/08/2024
A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2024-39771
Publication date:
28/08/2024
QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2024

CVE-2024-39584
Publication date:
28/08/2024
Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot bypass and arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
20/12/2024

CVE-2023-43078
Publication date:
28/08/2024
Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or Denial of Service.
Severity CVSS v4.0: Pending analysis
Last modification:
19/12/2024

CVE-2023-45896
Publication date:
28/08/2024
ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier&amp;#39;s perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025
Subscribe to Vulnerabilities