Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement, through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-6102

Publication date:
20/06/2024
Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2024-6103

Publication date:
20/06/2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2024-5182

Publication date:
20/06/2024
A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
27/08/2024

CVE-2024-6100

Publication date:
20/06/2024
Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2024-6101

Publication date:
20/06/2024
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2024-34990

Publication date:
19/06/2024
In the module "Help Desk - Customer Support Management System" (helpdesk) up to version 2.4.0 from FME Modules for PrestaShop, a customer can upload .php files. Methods `HelpdeskHelpdeskModuleFrontController::submitTicket()` and `HelpdeskHelpdeskModuleFrontController::replyTicket()` allow upload of .php files on a predictable path for connected customers.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2024

CVE-2024-34994

Publication date:
19/06/2024
In the module "Channable" (channable) up to version 3.2.1 from Channable for PrestaShop, a guest can perform SQL injection via `ChannableFeedModuleFrontController::postProcess()`.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2024-36677

Publication date:
19/06/2024
In the module "Login as customer PRO" (loginascustomerpro)
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2024-36678

Publication date:
19/06/2024
In the module "Theme settings" (pk_themesettings)
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2024

CVE-2024-36679

Publication date:
19/06/2024
In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro)
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2024-36680

Publication date:
19/06/2024
In the module "Facebook" (pkfacebook)
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2024-36684

Publication date:
19/06/2024
In the module "Custom links" (pk_customlinks)
Severity CVSS v4.0: Pending analysis
Last modification:
19/08/2024