Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-35397

Publication date:

28/05/2024

TOTOLINK CP900L v4.1.5cu.798_B20221228 weas discovered to contain a command injection vulnerability in the NTPSyncWithHost function via the hostTime parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2024-35398

Publication date:

28/05/2024

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setMacFilterRules.

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2024-35399

Publication date:

28/05/2024

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the password parameter in the function loginAuth

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2024-35400

Publication date:

28/05/2024

TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function SetPortForwardRules

Severity CVSS v4.0: Pending analysis

Last modification:

03/04/2025

CVE-2024-3969

Publication date:

28/05/2024

XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing untrusted XML payload<br /> <br />

Severity CVSS v4.0: Pending analysis

Last modification:

21/01/2025

CVE-2024-24685

Publication date:

28/05/2024

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the parsing of comments within the vertex section of an `.off` file processed via the `readOFF` function.

Severity CVSS v4.0: Pending analysis

Last modification:

11/02/2025

CVE-2024-24686

Publication date:

28/05/2024

Multiple stack-based buffer overflow vulnerabilities exist in the readOFF functionality of libigl v2.5.0. A specially crafted .off file can lead to stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the parsing of comments within the faces section of an `.off` file processed via the `readOFF` function.

Severity CVSS v4.0: Pending analysis

Last modification:

11/02/2025

CVE-2024-29072

Publication date:

28/05/2024

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.

Severity CVSS v4.0: Pending analysis

Last modification:

22/08/2025

CVE-2024-5428

Publication date:

28/05/2024

A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function save_product of the file /admin/index.php?page=manage_product of the component HTTP POST Request Handler. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-266383.

Severity CVSS v4.0: MEDIUM

Last modification:

09/12/2024

CVE-2024-23951

Publication date:

28/05/2024

Multiple improper array index validation vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability concerns the `igl::MshLoader::parse_element_field` function while handling an `ascii`.msh` file.

Severity CVSS v4.0: Pending analysis

Last modification:

12/02/2025

CVE-2024-24583

Publication date:

28/05/2024

Multiple out-of-bounds read vulnerabilities exist in the readMSH functionality of libigl v2.5.0. A specially crafted .msh file can lead to an out-of-bounds read. An attacker can provide a malicious file to trigger this vulnerability.This vulnerabilitty concerns the`readMSH` function while processing `MshLoader::ELEMENT_TRI` elements.

Severity CVSS v4.0: Pending analysis

Last modification:

11/02/2025

CVE-2024-24584

Publication date:

28/05/2024

Severity CVSS v4.0: Pending analysis

Last modification:

11/02/2025

Subscribe to Vulnerabilities