Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-3386

Publication date:
10/04/2024
An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025

CVE-2024-3388

Publication date:
10/04/2024
A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2025

CVE-2024-3387

Publication date:
10/04/2024
A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2026

CVE-2024-3098

Publication date:
10/04/2024
A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method restrictions and execute unauthorized code. The vulnerability is a bypass of the previously addressed CVE-2023-39662, demonstrated through a proof of concept that creates a file on the system by exploiting the flaw.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2024

CVE-2024-3101

Publication date:
10/04/2024
In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multi_user_mode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This action permits the creation of a new admin user without requiring a password, leading to unauthorized administrative access.
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2025

CVE-2024-3283

Publication date:
10/04/2024
A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multi_user_mode' system variable, enabling them to access the '/api/system/enable-multi-user' endpoint and create a new admin user. This issue results from the endpoint accepting a full JSON object in the request body without proper validation of modifiable fields, leading to unauthorized modification of system settings and subsequent privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2025

CVE-2024-3382

Publication date:
10/04/2024
A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
22/01/2025

CVE-2024-31299

Publication date:
10/04/2024
Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS). This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2024

CVE-2024-31342

Publication date:
10/04/2024
Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter. This issue affects WordPress Gallery Exporter: from n/a through 1.3.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2024

CVE-2024-31343

Publication date:
10/04/2024
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar. This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2025

CVE-2024-31355

Publication date:
10/04/2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2024

CVE-2024-31356

Publication date:
10/04/2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log. This issue affects User Activity Log: from n/a through 1.8.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2024