Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database): under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-44902

Publication date:
09/09/2024
A deserialization vulnerability in Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2024

CVE-2024-6795

Publication date:
09/09/2024
In Connex health portal released before 8/30/2024, SQL injection vulnerabilities were found that could have allowed an unauthenticated attacker to gain unauthorized access to Connex portal's database. An attacker could have submitted a crafted payload to Connex portal that could have resulted in modification and disclosure of database content and/or perform administrative operations including shutting down the database.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2024

CVE-2024-6796

Publication date:
09/09/2024
In Baxter Connex health portal released before 8/30/2024, an improper access control vulnerability has been found that could allow an unauthenticated attacker to gain unauthorized access to Connex portal's database and/or modify content.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2024

CVE-2024-44724

Publication date:
09/09/2024
AutoCMS v5.4 was discovered to contain a PHP code injection vulnerability via the txtsite_url parameter at /admin/site_add.php. This vulnerability allows attackers to execute arbitrary PHP code via injecting a crafted value.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2024-44725

Publication date:
09/09/2024
AutoCMS v5.4 was discovered to contain a SQL injection vulnerability via the sidebar parameter at /admin/robot.php.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2024-27366

Publication date:
09/09/2024
An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_done_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2025

CVE-2024-27367

Publication date:
09/09/2024
An issue was discovered in Samsung Mobile Processor Exynos Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_ind(), there is no input validation check on a length coming from userspace, which can lead to integer overflow and a potential heap over-read.
Severity CVSS v4.0: Pending analysis
Last modification:
14/03/2025

CVE-2024-27368

Publication date:
09/09/2024
An issue was discovered in Samsung Mobile Processor Exynos Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_received_frame_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2024-27383

Publication date:
09/09/2024
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_get_scan_extra_ies(), there is no input validation check on default_ies coming from userspace, which can lead to a heap overwrite.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2024-27387

Publication date:
09/09/2024
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_rx_range_done_ind(), there is no input validation check on rtt_id coming from userspace, which can lead to a heap overwrite.
Severity CVSS v4.0: Pending analysis
Last modification:
17/03/2025

CVE-2024-44085

Publication date:
09/09/2024
ONLYOFFICE Docs before 8.1.0 allows XSS via a GeneratorFunction Object attack against a macro. This is related to use of an immediately-invoked function expression (IIFE) for a macro. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446 and CVE-2023-50883.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2024-42500

Publication date:
09/09/2024
HPE has identified a denial of service vulnerability in HPE HP-UX System's Network File System (NFSv4) services.
Severity CVSS v4.0: Pending analysis
Last modification:
10/09/2024