Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, for users interested in this information; it includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are available, with criteria such as vulnerability type, manufacturer and impact level, among others, to narrow down the results.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-35750

Publication date:
08/06/2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album. This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
Severity CVSS v4.0: Pending analysis
Last modification:
01/11/2024

CVE-2024-35751

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Creative Motion, Will Bontrager Software, LLC Woody ad snippets allows Stored XSS. This issue affects Woody ad snippets: from n/a through 2.4.10.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2024

CVE-2024-35752

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Enea Overclokk Stellissimo Text Box allows Stored XSS. This issue affects Stellissimo Text Box: from n/a through 1.1.4.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2024

CVE-2024-36965

Publication date:
08/06/2024
In the Linux kernel, the following vulnerability has been resolved:

remoteproc: mediatek: Make sure IPI buffer fits in L2TCM

The IPI buffer location is read from the firmware that we load to the System Companion Processor, and it's not granted that both the SRAM (L2TCM) size that is defined in the devicetree node is large enough for that, and while this is especially true for multi-core SCP, it's still useful to check on single-core variants as well.

Failing to perform this check may make this driver perform R/W operations out of the L2TCM boundary, resulting (at best) in a kernel panic.

To fix that, check that the IPI buffer fits, otherwise return a failure and refuse to boot the relevant SCP core (or the SCP at all, if this is single core).
Severity CVSS v4.0: Pending analysis
Last modification:
17/07/2024

CVE-2024-36966

Publication date:
08/06/2024
In the Linux kernel, the following vulnerability has been resolved:

erofs: reliably distinguish block based and fscache mode

When erofs_kill_sb() is called in block dev based mode, s_bdev may not have been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled, it will be mistaken for fscache mode, and then attempt to free an anon_dev that has never been allocated, triggering the following warning:

============================================
ida_free called for id=0 which is not allocated.
WARNING: CPU: 14 PID: 926 at lib/idr.c:525 ida_free+0x134/0x140
Modules linked in:
CPU: 14 PID: 926 Comm: mount Not tainted 6.9.0-rc3-dirty #630
RIP: 0010:ida_free+0x134/0x140
Call Trace:

erofs_kill_sb+0x81/0x90
deactivate_locked_super+0x35/0x80
get_tree_bdev+0x136/0x1e0
vfs_get_tree+0x2c/0xf0
do_new_mount+0x190/0x2f0
[...]
============================================

Now when erofs_kill_sb() is called, erofs_sb_info must have been initialised, so use sbi->fsid to distinguish between the two modes.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2025

CVE-2024-35737

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Loopus WP Visitors Tracker allows Reflected XSS. This issue affects WP Visitors Tracker: from n/a through 2.3.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2024

CVE-2024-35738

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kognetiks Kognetiks Chatbot for WordPress allows Stored XSS. This issue affects Kognetiks Chatbot for WordPress: from n/a through 1.9.8.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2024

CVE-2024-35739

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RadiusTheme The Post Grid allows Stored XSS. This issue affects The Post Grid: from n/a through 7.7.1.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2024

CVE-2024-35740

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Pixgraphy allows Stored XSS. This issue affects Pixgraphy: from n/a through 1.3.8.
Severity CVSS v4.0: Pending analysis
Last modification:
25/07/2024

CVE-2024-35732

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS. This issue affects YITH Custom Login: from n/a through 1.7.0.
Severity CVSS v4.0: Pending analysis
Last modification:
18/07/2024

CVE-2024-35733

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RLDD Auto Coupons for WooCommerce allows Reflected XSS. This issue affects Auto Coupons for WooCommerce: from n/a through 3.0.14.
Severity CVSS v4.0: Pending analysis
Last modification:
18/07/2024

CVE-2024-35734

Publication date:
08/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS. This issue affects WP Time Slots Booking Form: from n/a through 1.2.10.
Severity CVSS v4.0: Pending analysis
Last modification:
18/07/2024