Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-21739

Publication date:

25/06/2024

Geehy APM32F103CCT6, APM32F103RCT6, APM32F103RCT7, and APM32F103VCT6 devices have Incorrect Access Control.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2024

CVE-2024-21740

Publication date:

25/06/2024

Artery AT32F415CBT7 and AT32F421C8T7 devices have Incorrect Access Control.

Severity CVSS v4.0: Pending analysis

Last modification:

11/07/2024

CVE-2024-21741

Publication date:

25/06/2024

GigaDevice GD32E103C8T6 devices have Incorrect Access Control.

Severity CVSS v4.0: Pending analysis

Last modification:

13/03/2025

CVE-2024-5276

Publication date:

25/06/2024

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this vulnerability. Successful unauthenticated exploitation requires a Workflow system with anonymous access enabled, otherwise an authenticated user is required. This issue affects all versions of FileCatalyst Workflow from 5.1.6 Build 135 and earlier.

Severity CVSS v4.0: Pending analysis

Last modification:

04/04/2025

CVE-2024-6206

Publication date:

25/06/2024

A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target system.

Severity CVSS v4.0: Pending analysis

Last modification:

08/08/2024

CVE-2024-5008

Publication date:

25/06/2024

In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController.

Severity CVSS v4.0: Pending analysis

Last modification:

06/09/2024

CVE-2024-5009

Publication date:

25/06/2024

In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin&#39;s password.

Severity CVSS v4.0: Pending analysis

Last modification:

06/09/2024

CVE-2024-5010

Publication date:

25/06/2024

In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information.

Severity CVSS v4.0: Pending analysis

Last modification:

06/09/2024

CVE-2024-5011

Publication date:

25/06/2024

In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service.

Severity CVSS v4.0: Pending analysis

Last modification:

06/09/2024

CVE-2024-4885

Publication date:

25/06/2024

In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.

Severity CVSS v4.0: Pending analysis

Last modification:

31/10/2025

CVE-2024-4498

Publication date:

25/06/2024

A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the `/apply_settings` function, allowing an attacker to manipulate the `discussion_db_name` parameter to traverse the file system and include arbitrary files. This issue is compounded by the bypass of input filtering in the `install_binding`, `reinstall_binding`, and `unInstall_binding` endpoints, despite the presence of a `sanitize_path_from_endpoint(data.name)` filter. Successful exploitation enables an attacker to upload and execute malicious code on the victim&#39;s system, leading to Remote Code Execution (RCE).

Severity CVSS v4.0: Pending analysis

Last modification:

09/07/2025

CVE-2024-4883

Publication date:

25/06/2024

In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe.

Severity CVSS v4.0: Pending analysis

Last modification:

06/09/2024

Subscribe to Vulnerabilities