Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-4548

Publication date:
06/05/2024
An SQLi vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior when CEBC.exe processes a 'RecalculateHDMWYC' message, which is split into 4 fields using the '~' character as the separator. An unauthenticated remote attacker can perform SQLi via the fourth field.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2025

CVE-2024-4549

Publication date:
06/05/2024
A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2025

CVE-2024-2041

Publication date:
06/05/2024
Rejected reason: ***DUPLICATE** Please use CVE-2024-3241 instead.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2024

CVE-2024-33749

Publication date:
06/05/2024
DedeCMS V5.7.114 is vulnerable to deletion of any file via mail_file_manage.php.
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2024-33788

Publication date:
06/05/2024
Linksys E5600 v1.1.0.26 was discovered to contain a command injection vulnerability via the PinCode parameter at the /API/info form endpoint.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2025

CVE-2024-33829

Publication date:
06/05/2024
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2024-33830

Publication date:
06/05/2024
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2023-49676

Publication date:
06/05/2024
An unauthenticated local attacker may trick a user into opening corrupted project files to crash the system due to a use-after-free vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2024-33753

Publication date:
06/05/2024
Section Camera V2.5.5.3116-S50-SMA-B20160811 and earlier versions allow the accounts and passwords of administrators and users to be changed without authorization.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2024-3576

Publication date:
06/05/2024
The NPort 5100A Series firmware version v1.6 and prior versions are affected by a web server XSS vulnerability. The vulnerability is caused by not correctly neutralizing user-controllable input before placing it in output. Malicious users may use the vulnerability to get sensitive information and escalate privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2024

CVE-2023-49675

Publication date:
06/05/2024
An unauthenticated local attacker may trick a user into opening corrupted project files to execute arbitrary code or crash the system due to an out-of-bounds write vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2023-6854

Publication date:
06/05/2024
The Breakdance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom postmeta output in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping on user supplied post meta fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2024