Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-32989
Publication date:
14/05/2024
Insufficient verification vulnerability in the system sharing pop-up module<br /> Impact: Successful exploitation of this vulnerability will affect availability.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2024

CVE-2024-32990
Publication date:
14/05/2024
Permission verification vulnerability in the system sharing pop-up module<br /> Impact: Successful exploitation of this vulnerability will affect availability.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2024

CVE-2024-32985
Publication date:
14/05/2024
Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Prior to 20.4.0, core nodes could be randomly crashed due to a race condition with a 3rd party library. The likelihood of affecting the network is low since crashed nodes come back up online right away. Code fix mitigation is part of Stellar-core v20.4.0 release
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2024

CVE-2024-32964
Publication date:
14/05/2024
Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause Server-Side Request Forgery without logging in, attack intranet services, and leak sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2025

CVE-2024-32874
Publication date:
14/05/2024
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no limitation set on the length of the filename and the costy use of the Unicode normalization with the form NFKD under the hood of `secure_filename()`.
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2024

CVE-2024-32776
Publication date:
14/05/2024
Missing Authorization vulnerability in AppPresser Team AppPresser.This issue affects AppPresser: from n/a through 4.3.0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
09/06/2025

CVE-2024-32737
Publication date:
14/05/2024
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_contract_result" function within MCUDBHelper.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2025

CVE-2024-32738
Publication date:
14/05/2024
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_lean" function within MCUDBHelper.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2025

CVE-2024-32739
Publication date:
14/05/2024
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_ptask_verbose" function within MCUDBHelper.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2025

CVE-2024-32735
Publication date:
14/05/2024
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2025

CVE-2024-32736
Publication date:
14/05/2024
A sql injection vulnerability exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can leak sensitive information via the "query_utask_verbose" function within MCUDBHelper.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2025

CVE-2024-32724
Publication date:
14/05/2024
Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2024
Subscribe to Vulnerabilities