Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-6312
Publication date:
28/08/2024
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 3.7.3.2 via the 'af2DeleteFontFile' function. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for authenticated attackers, with administrator-level access and above, to delete arbitrary files, including the wp-config.php file, which can make site takeover and remote code execution possible.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2026

CVE-2024-4556
Publication date:
28/08/2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OpenText NetIQ Access Manager allows access the sensitive information. This issue affects NetIQ Access Manager before 5.0.4 and before 5.1.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2024

CVE-2024-6311
Publication date:
28/08/2024
The Funnelforms Free plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'af2_add_font' function in all versions up to, and including, 3.7.3.2. This makes it possible for authenticated attackers, with administrator-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2024

CVE-2024-4554
Publication date:
28/08/2024
Improper Input Validation vulnerability in OpenText NetIQ Access Manager leads to Cross-Site Scripting (XSS) attack. This issue affects Access Manager before 5.0.4.1 and 5.1.
Severity CVSS v4.0: Pending analysis
Last modification:
06/10/2025

CVE-2024-4555
Publication date:
28/08/2024
Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1
Severity CVSS v4.0: Pending analysis
Last modification:
06/10/2025

CVE-2021-38122
Publication date:
28/08/2024
A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information.<br /> This issue affects NetIQ Advance Authentication before 6.3.5.1
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2024-45346
Publication date:
28/08/2024
The Xiaomi Security Center expresses heartfelt thanks to Ken Gannon and Ilyes Beghdadi of NCC Group working with Trend Micro Zero Day Initiative! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2025

CVE-2021-38120
Publication date:
28/08/2024
A vulnerability identified in Advance Authentication that allows bash command Injection in administrative controlled functionality of backup due to improper<br /> handling in provided command parameters. This issue affects NetIQ Advance Authentication version before 6.3.5.1.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2021-38121
Publication date:
28/08/2024
Insufficient or weak TLS protocol version identified in Advance authentication client server communication when specific service is accessed between devices.  This issue affects NetIQ Advance Authentication versions before 6.3.5.1
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2021-22529
Publication date:
28/08/2024
A vulnerability identified in NetIQ Advance Authentication that leaks sensitive server information. This issue affects NetIQ Advance Authentication version before 6.3.5.1
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2021-22530
Publication date:
28/08/2024
A vulnerability identified in NetIQ Advance Authentication that doesn&amp;#39;t enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authentication before 6.3.5.1
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2021-22509
Publication date:
28/08/2024
A vulnerability identified in storing and reusing information in Advance Authentication. This issue can lead to leakage of sensitive data to unauthorized user. The issue affects NetIQ Advance Authentication before 6.3.5.1
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024
Subscribe to Vulnerabilities