Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-35283
Publication date:
29/05/2024
A vulnerability in the Ignite component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a stored cross-site scripting (XSS) attack due to insufficient input validation.
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2025

CVE-2024-35284
Publication date:
29/05/2024
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation.
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2025

CVE-2024-35311
Publication date:
29/05/2024
Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control.
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2024

CVE-2023-46297
Publication date:
29/05/2024
An issue was discovered on Mercusys MW325R EU V3 MW325R(EU)_V3_1.11.0 221019 devices. A WAN attacker can make the admin interface unreachable/invisible via an unauthenticated HTTP request. Verification of the data sent by the user does not occur. The web server does not crash, but the admin interface becomes invisible, because the files necessary to display the content are no longer available. A reboot of the router is typically required to restore the correct behavior.
Severity CVSS v4.0: Pending analysis
Last modification:
22/08/2024

CVE-2024-28974
Publication date:
29/05/2024
Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025

CVE-2024-31079
Publication date:
29/05/2024
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed HTTP/3 requests can cause NGINX worker processes to terminate or cause other potential impact. This attack requires that a request be specifically timed during the connection draining process, which the attacker has no visibility and limited influence over.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025

CVE-2024-4358
Publication date:
29/05/2024
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
31/10/2025

CVE-2024-36375
Publication date:
29/05/2024
In JetBrains TeamCity before 2024.03.2 technical information regarding TeamCity server could be exposed
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2025

CVE-2024-36376
Publication date:
29/05/2024
In JetBrains TeamCity before 2024.03.2 users could perform actions that should not be available to them based on their permissions
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2025

CVE-2024-36377
Publication date:
29/05/2024
In JetBrains TeamCity before 2024.03.2 certain TeamCity API endpoints did not check user permissions
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2025

CVE-2024-36378
Publication date:
29/05/2024
In JetBrains TeamCity before 2024.03.2 server was susceptible to DoS attacks with incorrect auth tokens
Severity CVSS v4.0: Pending analysis
Last modification:
27/01/2025

CVE-2024-36470
Publication date:
29/05/2024
In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 authentication bypass was possible in specific edge cases
Severity CVSS v4.0: Pending analysis
Last modification:
07/02/2025
Subscribe to Vulnerabilities