Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-5692
Publication date:
11/06/2024
On Windows 10, when using the 'Save As' functionality, an attacker could have tricked the browser into saving the file with a disallowed extension such as `.url` by including an invalid character in the extension. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2024-5693
Publication date:
11/06/2024
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2024-5694
Publication date:
11/06/2024
An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
14/03/2025

CVE-2024-2461
Publication date:
11/06/2024
If exploited an attacker could traverse the file system to access <br /> files or directories that would otherwise be inaccessible
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2024

CVE-2024-2462
Publication date:
11/06/2024
Allow attackers to intercept or falsify data exchanges between the client <br /> and the server
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2024

CVE-2024-35292
Publication date:
11/06/2024
A vulnerability has been identified in SIMATIC S7-200 SMART CPU CR40 (6ES7288-1CR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU CR60 (6ES7288-1CR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR20 (6ES7288-1SR20-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR30 (6ES7288-1SR30-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR40 (6ES7288-1SR40-0AA1) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA0) (All versions), SIMATIC S7-200 SMART CPU SR60 (6ES7288-1SR60-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST20 (6ES7288-1ST20-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST30 (6ES7288-1ST30-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST40 (6ES7288-1ST40-0AA1) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA0) (All versions), SIMATIC S7-200 SMART CPU ST60 (6ES7288-1ST60-0AA1) (All versions). Affected devices are using a predictable IP ID sequence number. This leaves the system susceptible to a family of attacks which rely on the use of predictable IP ID sequence numbers as their base method of attack and eventually could allow an attacker to create a denial of service condition.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2024

CVE-2024-35303
Publication date:
11/06/2024
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2024

CVE-2024-36266
Publication date:
11/06/2024
A vulnerability has been identified in PowerSys (All versions
Severity CVSS v4.0: HIGH
Last modification:
26/09/2025

CVE-2024-35209
Publication date:
11/06/2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions
Severity CVSS v4.0: MEDIUM
Last modification:
11/02/2025

CVE-2024-35210
Publication date:
11/06/2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions
Severity CVSS v4.0: MEDIUM
Last modification:
11/02/2025

CVE-2024-35211
Publication date:
11/06/2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions
Severity CVSS v4.0: MEDIUM
Last modification:
11/02/2025

CVE-2024-35212
Publication date:
11/06/2024
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions
Severity CVSS v4.0: MEDIUM
Last modification:
11/02/2025
Subscribe to Vulnerabilities