Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-6840

Publication date:

12/09/2024

An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8S API server to send an HTTP request with a service account token mounted via `automountServiceAccountToken: true`, resulting in privilege escalation to a service account.

Severity CVSS v4.0: Pending analysis

Last modification:

12/09/2024

CVE-2024-2743

Publication date:

12/09/2024

An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.

Severity CVSS v4.0: Pending analysis

Last modification:

14/09/2024

CVE-2024-4612

Publication date:

12/09/2024

An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAuth flow.

Severity CVSS v4.0: Pending analysis

Last modification:

14/09/2024

CVE-2024-4660

Publication date:

12/09/2024

An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a private project by using group templates.

Severity CVSS v4.0: Pending analysis

Last modification:

14/09/2024

CVE-2024-6702

Publication date:

12/09/2024

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.

Severity CVSS v4.0: Pending analysis

Last modification:

13/09/2024

CVE-2024-6510

Publication date:

12/09/2024

Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.

Severity CVSS v4.0: Pending analysis

Last modification:

02/10/2024

CVE-2024-6658

Publication date:

12/09/2024

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.0 (inclusive)   From 7.2.49.0 to 7.2.54.11 (inclusive)   7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.11 and all prior versions ECS All prior versions to 7.2.60.0 (inclusive)

Severity CVSS v4.0: Pending analysis

Last modification:

30/07/2025

CVE-2024-6700

Publication date:

12/09/2024

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.

Severity CVSS v4.0: Pending analysis

Last modification:

13/09/2024

CVE-2024-6701

Publication date:

12/09/2024

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.

Severity CVSS v4.0: Pending analysis

Last modification:

13/09/2024

CVE-2024-45826

Publication date:

12/09/2024

CVE-2024-45826 IMPACT Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.

Severity CVSS v4.0: Pending analysis

Last modification:

02/10/2024

CVE-2024-45825

Publication date:

12/09/2024

CVE-2024-45825 IMPACT A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.

Severity CVSS v4.0: Pending analysis

Last modification:

02/10/2024

CVE-2024-42483

Publication date:

12/09/2024

ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An replay attacks vulnerability was discovered in the implementation of the ESP-NOW because the caches is not differentiated by message types, it is a single, shared resource for all kinds of messages, whether they are broadcast or unicast, and regardless of whether they are ciphertext or plaintext. This can result an attacker to clear the cache of its legitimate entries, there by creating an opportunity to re-inject previously captured packets. This vulnerability is fixed in 2.5.2.

Severity CVSS v4.0: Pending analysis

Last modification:

23/09/2024

Subscribe to Vulnerabilities