Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are available: results can be narrowed by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-31410

Publication date:
15/05/2024
The devices which CyberPower PowerPanel manages use identical certificates based on a hard-coded cryptographic key. This can allow an attacker to impersonate any client in the system and send malicious data.
Severity CVSS v4.0: Pending analysis
Last modification:
30/07/2025

CVE-2024-31856

Publication date:
15/05/2024
An attacker with certain MQTT permissions can create malicious messages to all CyberPower PowerPanel devices. This could result in an attacker injecting SQL syntax, writing arbitrary files to the system, and executing remote code.
Severity CVSS v4.0: Pending analysis
Last modification:
30/07/2025

CVE-2024-32042

Publication date:
15/05/2024
The key used to encrypt passwords stored in the database can be found in the CyberPower PowerPanel application code, allowing the passwords to be recovered.
Severity CVSS v4.0: Pending analysis
Last modification:
30/07/2025

CVE-2023-40297

Publication date:
15/05/2024
Stakater Forecastle 1.0.139 and before allows %5C../ directory traversal in the website component.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2024-4909

Publication date:
15/05/2024
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /view/student_due_payment.php. The manipulation of the argument due_year leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264444.
Severity CVSS v4.0: MEDIUM
Last modification:
20/02/2025

CVE-2024-4908

Publication date:
15/05/2024
A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument index leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264443.
Severity CVSS v4.0: MEDIUM
Last modification:
20/02/2025

CVE-2024-35102

Publication date:
15/05/2024
Insecure Permissions vulnerability in VITEC AvediaServer (Model avsrv-m8105) 8.6.2-1 allows a remote attacker to escalate privileges via a crafted script.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2024-4906

Publication date:
15/05/2024
A vulnerability, which was classified as critical, was found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/show_student1.php. The manipulation of the argument grade leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264441 was assigned to this vulnerability.
Severity CVSS v4.0: MEDIUM
Last modification:
20/02/2025

CVE-2024-4907

Publication date:
15/05/2024
A vulnerability has been found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view/show_student2.php. The manipulation of the argument grade leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-264442 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: MEDIUM
Last modification:
20/02/2025

CVE-2024-3182

Publication date:
15/05/2024
Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2024

CVE-2024-4905

Publication date:
15/05/2024
A vulnerability classified as critical has been found in Kashipara College Management System 1.0. Affected is an unknown function of the file view_students_each_detail.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-264438 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: MEDIUM
Last modification:
11/02/2025

CVE-2024-20391

Publication date:
15/05/2024
A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit could allow the attacker to execute arbitrary code with SYSTEM privileges on an affected device.
Severity CVSS v4.0: Pending analysis
Last modification:
22/07/2025