Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-22359

Publication date:
12/04/2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 280897.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2025

CVE-2024-3697

Publication date:
12/04/2024
A vulnerability was found in Campcodes House Rental Management System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_tenant.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260484.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-0157

Publication date:
12/04/2024
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025

CVE-2024-22334

Publication date:
12/04/2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. When deleting a custom security type, associated permissions of objects using that type may not be fully revoked. This could lead to incorrect reporting of permission configuration and unexpected privileges being retained. IBM X-Force ID: 279974.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2025

CVE-2024-22339

Publication date:
12/04/2024
IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.20, 7.1 through 7.1.2.16, 7.2 through 7.2.3.9, 7.3 through 7.3.2.4 and IBM DevOps Deploy 8.0 through 8.0.0.1 are vulnerable to sensitive information exposure due to insufficient obfuscation of sensitive values in some log files. IBM X-Force ID: 279979.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2025

CVE-2024-30403

Publication date:
12/04/2024
A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).
When Layer 2 traffic is sent through a logical interface, MAC learning happens. If during this process, the interface flaps, an Advanced Forwarding Toolkit manager (evo-aftmand-bt) core is observed. This leads to a PFE restart. The crash reoccurs if the same sequence of events happens, which will lead to a sustained DoS condition.
This issue affects Juniper Networks Junos OS Evolved 23.2-EVO versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.
Severity CVSS v4.0: HIGH
Last modification:
06/02/2025

CVE-2024-31069

Publication date:
12/04/2024
IO-1020 Micro ELD web server uses a default password for authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2024

CVE-2024-3691

Publication date:
12/04/2024
A vulnerability, which was classified as critical, has been found in PHPGurukul Small CRM 3.0. Affected by this issue is some unknown functionality of the component Registration Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260480.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2025

CVE-2024-3695

Publication date:
12/04/2024
A vulnerability has been found in SourceCodester Computer Laboratory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260482 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
21/01/2025

CVE-2024-3696

Publication date:
12/04/2024
A vulnerability was found in Campcodes House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260483.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-30397

Publication date:
12/04/2024
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS).
The pkid is responsible for the certificate verification. Upon a failed verification, the pkid uses all CPU resources and becomes unresponsive to future verification attempts. This means that all subsequent VPN negotiations depending on certificate verification will fail.
This CPU utilization of pkid can be checked using this command:
  root@srx> show system processes extensive | match pkid
  xxxxx  root  103  0  846M  136M  CPU1  1 569:00 100.00% pkid
This issue affects:
Juniper Networks Junos OS
* All versions prior to 20.4R3-S10;
* 21.2 versions prior to 21.2R3-S7;
* 21.4 versions prior to 21.4R3-S5;
* 22.1 versions prior to 22.1R3-S4;
* 22.2 versions prior to 22.2R3-S3;
* 22.3 versions prior to 22.3R3-S1;
* 22.4 versions prior to 22.4R3;
* 23.2 versions prior to 23.2R1-S2, 23.2R2.
Severity CVSS v4.0: HIGH
Last modification:
26/02/2025

CVE-2024-30398

Publication date:
12/04/2024
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When a high amount of specific traffic is received on a SRX4600 device, due to an error in internal packet handling, a consistent rise in CPU memory utilization occurs. This results in packet drops in the traffic and eventually the PFE crashes. A manual reboot of the PFE will be required to restore the device to original state.
This issue affects Junos OS:
* 21.2 before 21.2R3-S7,
* 21.4 before 21.4R3-S6,
* 22.1 before 22.1R3-S5,
* 22.2 before 22.2R3-S3,
* 22.3 before 22.3R3-S2,
* 22.4 before 22.4R3,
* 23.2 before 23.2R1-S2, 23.2R2.
Severity CVSS v4.0: HIGH
Last modification:
06/02/2025