Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-37768
Publication date:
05/07/2024
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2024-37769
Publication date:
05/07/2024
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2024

CVE-2024-39210
Publication date:
05/07/2024
Best House Rental Management System v1.0 was discovered to contain an arbitrary file read vulnerability via the Page parameter at index.php. This vulnerability allows attackers to read arbitrary PHP files and access other sensitive information within the application.
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2024

CVE-2024-23997
Publication date:
05/07/2024
Lukas Bach yana =
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2024

CVE-2024-23998
Publication date:
05/07/2024
goanother Another Redis Desktop Manager =
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2024

CVE-2024-29318
Publication date:
05/07/2024
Volmarg Personal Management System 1.4.64 is vulnerable to stored cross site scripting (XSS) via upload of a SVG file with embedded javascript code.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2024-29319
Publication date:
05/07/2024
Volmarg Personal Management System 1.4.64 is vulnerable to SSRF (Server Side Request Forgery) via uploading a SVG file. The server can make unintended HTTP and DNS requests to a server that the attacker controls.
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2024

CVE-2024-39028
Publication date:
05/07/2024
An issue was discovered in SeaCMS
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2024

CVE-2024-6505
Publication date:
05/07/2024
A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirections_table data within RSS becomes controllable. Setting excessively large values may cause an index out-of-bounds issue, potentially resulting in heap overflow access. This flaw allows a privileged user in the guest to crash the QEMU process on the host.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2024

CVE-2024-6526
Publication date:
05/07/2024
A vulnerability classified as problematic has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03. This affects an unknown part. The manipulation of the argument search_title/catName/sub/name/categorie leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 1b3da45308bb6c3f55247d0e99620b600bd85277. It is recommended to apply a patch to fix this issue. The identifier VDB-270369 was assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2024

CVE-2024-39864
Publication date:
05/07/2024
The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value). An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.<br /> <br /> Users are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
19/03/2025

CVE-2024-23588
Publication date:
05/07/2024
HCL Nomad server on Domino fails to properly handle users configured with limited Domino access resulting in a possible denial of service vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2024
Subscribe to Vulnerabilities