Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-32605
Publication date:
14/05/2024
HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c (called from H5D__compact_readvv in H5Dcompact.c).
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2025

CVE-2024-32606
Publication date:
14/05/2024
HDF5 Library through 1.14.3 may attempt to dereference uninitialized values in h5tools_str_sprint in tools/lib/h5tools_str.c (called from h5tools_dump_simple_data in tools/lib/h5tools_dump.c).
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2025

CVE-2024-32607
Publication date:
14/05/2024
HDF5 Library through 1.14.3 has a SEGV in H5A__close in H5Aint.c, resulting in the corruption of the instruction pointer.
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2025

CVE-2024-32609
Publication date:
14/05/2024
HDF5 Library through 1.14.3 allows stack consumption in the function H5E_printf_stack in H5Eint.c.
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2025

CVE-2024-32610
Publication date:
14/05/2024
HDF5 Library through 1.14.3 has a SEGV in H5T_close_real in H5T.c, resulting in a corrupted instruction pointer.
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2025

CVE-2024-32476
Publication date:
14/05/2024
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. There is a Denial of Service (DoS) vulnerability via OOM using jq in ignoreDifferences. This vulnerability has been patched in version(s) 2.10.7, 2.9.12 and 2.8.16.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2025

CVE-2024-32100
Publication date:
14/05/2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/02/2025

CVE-2024-31954
Publication date:
14/05/2024
An issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows. Because it is possible to tamper with the directory and DLL files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (An attacker must already have user privileges)
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2024-31953
Publication date:
14/05/2024
An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.)
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2025

CVE-2024-31952
Publication date:
14/05/2024
An issue was discovered in Samsung Magician 8.0.0 on macOS. Because symlinks are used during the installation process, an attacker can escalate privileges via arbitrary file permission writes. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.)
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2025

CVE-2024-31810
Publication date:
14/05/2024
TOTOLINK EX200 V4.0.3c.7646_B20201211 was discovered to contain a hardcoded password for root at /etc/shadow.sample.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2024-31803
Publication date:
14/05/2024
Buffer Overflow vulnerability in emp-ot v.0.2.4 allows a remote attacker to execute arbitrary code via the FerretCOT::read_pre_data128_from_file function.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2024
Subscribe to Vulnerabilities