Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-23663
Publication date:
09/07/2024
An improper access control in Fortinet FortiExtender 4.1.1 - 4.1.9, 4.2.0 - 4.2.6, 5.3.2, 7.0.0 - 7.0.4, 7.2.0 - 7.2.4 and 7.4.0 - 7.4.2 allows an attacker to create users with elevated privileges via a crafted HTTP request.
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2024

CVE-2024-26015
Publication date:
09/07/2024
An incorrect parsing of numbers with different radices vulnerability [CWE-1389] in FortiProxy version 7.4.3 and below, version 7.2.10 and below, version 7.0.17 and below and FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.15 and below IP address validation feature may permit an unauthenticated attacker to bypass the IP blocklist via crafted requests.
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2024

CVE-2023-40356
Publication date:
09/07/2024
PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA configuration. Under certain conditions, this configuration could allow for a new MFA device to be paired with a target user account without requiring second-factor authentication from the target’s existing registered devices. A threat actor might be able to exploit this vulnerability to register their own MFA device with a target user’s account if they have existing knowledge of the target user’s first factor credential.
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2024

CVE-2023-40702
Publication date:
09/07/2024
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user’s first-factor credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2024

CVE-2023-50178
Publication date:
09/07/2024
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2.0 through 7.2.3, 7.1 all versions, 7.0 all versions, 6.2 all versions, 6.1 all versions and 6.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and various remote servers such as private SDN connectors and FortiToken Cloud.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2024

CVE-2023-50179
Publication date:
09/07/2024
An improper certificate validation vulnerability [CWE-295] in FortiADC 7.4.0, 7.2 all versions, 7.1 all versions, 7.0 all versions may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the device and public SDN connectors.
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2024

CVE-2023-50181
Publication date:
09/07/2024
An improper access control vulnerability [CWE-284] in Fortinet FortiADC version 7.4.0 through 7.4.1 and before 7.2.4 allows a read only authenticated attacker to perform some write actions via crafted HTTP or HTTPS requests.
Severity CVSS v4.0: Pending analysis
Last modification:
09/09/2024

CVE-2024-6611
Publication date:
09/07/2024
A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025

CVE-2024-6612
Publication date:
09/07/2024
CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025

CVE-2024-6613
Publication date:
09/07/2024
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025

CVE-2024-6614
Publication date:
09/07/2024
The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025

CVE-2024-6615
Publication date:
09/07/2024
Memory safety bugs present in Firefox 127 and Thunderbird 127. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025
Subscribe to Vulnerabilities