Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-35172
Publication date:
14/05/2024
Server-Side Request Forgery (SSRF) vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.3.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2024

CVE-2024-35204
Publication date:
14/05/2024
Veritas System Recovery before 23.3_Hotfix has incorrect permissions for the Veritas System Recovery folder, and thus low-privileged users can conduct attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
26/09/2024

CVE-2024-35170
Publication date:
14/05/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Hidden Depth Sticky banner allows Stored XSS.This issue affects Sticky banner: from n/a through 1.2.0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2024

CVE-2024-35171
Publication date:
14/05/2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Academy LMS academy.This issue affects Academy LMS: from n/a through 1.9.25.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2025

CVE-2024-35166
Publication date:
14/05/2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird.This issue affects Filebird: from n/a through 5.6.3.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2024-35167
Publication date:
14/05/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in EnvoThemes Envo&amp;#39;s Elementor Templates &amp; Widgets for WooCommerce allows Stored XSS.This issue affects Envo&amp;#39;s Elementor Templates &amp; Widgets for WooCommerce: from n/a through 1.4.8.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2024-35169
Publication date:
14/05/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in AREOI All Bootstrap Blocks allows Stored XSS.This issue affects All Bootstrap Blocks: from n/a through 1.3.15.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2024

CVE-2024-35049
Publication date:
14/05/2024
SurveyKing v1.3.1 was discovered to keep users&amp;#39; sessions active after logout. Related to an incomplete fix for CVE-2022-25590.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2024-35050
Publication date:
14/05/2024
An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2024-35099
Publication date:
14/05/2024
TOTOLINK LR350 V9.3.5u.6698_B20230810 was discovered to contain a stack overflow via the password parameter in the function loginAuth.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2025

CVE-2024-35165
Publication date:
14/05/2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gutenify.This issue affects Gutenify: from n/a through 1.4.0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2024

CVE-2024-34942
Publication date:
14/05/2024
Tenda FH1206 V1.2.0.8(8155)_EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/exeCommand.
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025
Subscribe to Vulnerabilities