Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-21593
Publication date:
12/04/2024
An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).<br /> <br /> If an attacker sends a specific MPLS packet, which upon processing, causes an internal loop, that leads to a PFE crash and restart. Continued receipt of these packets leads to a sustained Denial of Service (DoS) condition.<br /> <br /> Circuit cross-connect (CCC) needs to be configured on the device for it to be affected by this issue.<br /> <br /> This issue only affects MX Series with MPC10, MPC11, LC9600, and MX304.<br /> <br /> This issue affects:<br /> Juniper Networks Junos OS<br /> 21.4 versions from 21.4R3 earlier than 21.4R3-S5;<br /> 22.2 versions from 22.2R2 earlier than 22.2R3-S2;<br /> 22.3 versions from 22.3R1 earlier than 22.3R2-S2;<br /> 22.3 versions from 22.3R3 earlier than 22.3R3-S1<br /> 22.4 versions from 22.4R1 earlier than 22.4R2-S2, 22.4R3;<br /> 23.2 versions earlier than 23.2R1-S1, 23.2R2.
Severity CVSS v4.0: HIGH
Last modification:
23/01/2026

CVE-2023-51499
Publication date:
12/04/2024
Missing Authorization vulnerability in WooCommerce WooCommerce Shipping Per Product.This issue affects WooCommerce Shipping Per Product: from n/a through 2.5.4.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2024

CVE-2023-51515
Publication date:
12/04/2024
Missing Authorization vulnerability in Undsgn Uncode Core allows Privilege Escalation.This issue affects Uncode Core: from n/a through 2.8.8.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2024

CVE-2023-52211
Publication date:
12/04/2024
Missing Authorization vulnerability in Automattic WP Job Manager.This issue affects WP Job Manager: from n/a through 2.0.0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2024

CVE-2024-21590
Publication date:
12/04/2024
An Improper Input Validation vulnerability in Juniper Tunnel Driver (jtd) and ICMP module of Juniper Networks Junos OS Evolved allows an unauthenticated attacker within the MPLS administrative domain to send specifically crafted packets to the Routing Engine (RE) to cause a Denial of Service (DoS). <br /> <br /> When specifically crafted transit MPLS IPv4 packets are received by the Packet Forwarding Engine (PFE), these packets are internally forwarded to the RE. Continued receipt of these packets may create a sustained Denial of Service (DoS) condition.<br /> <br /> This issue affects Juniper Networks Junos OS:<br /> <br /> * All versions before 21.2R3-S8-EVO;<br /> * from 21.4-EVO before 21.4R3-S6-EVO;<br /> * from 22.2-EVO before 22.2R3-S4-EVO;<br /> * from 22.3-EVO before 22.3R3-S3-EVO;<br /> * from 22.4-EVO before 22.4R3-EVO;<br /> * from 23.2-EVO before 23.2R2-EVO.<br /> * from 23.4-EVO before 23.4R1-S1-EVO.
Severity CVSS v4.0: HIGH
Last modification:
23/01/2025

CVE-2024-3707
Publication date:
12/04/2024
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-3706
Publication date:
12/04/2024
Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-3686
Publication date:
12/04/2024
A vulnerability has been found in DedeCMS 5.7.112-UTF8 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file update_guide.php. The manipulation of the argument files leads to path traversal: &amp;#39;../filedir&amp;#39;. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260473 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2025

CVE-2024-3687
Publication date:
12/04/2024
A vulnerability was found in bihell Dice 3.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260474 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2024-3688
Publication date:
12/04/2024
A vulnerability was found in Xiamen Four-Faith RMP Router Management Platform 5.2.2. It has been declared as critical. This vulnerability affects unknown code of the file /Device/Device/GetDeviceInfoList?deviceCode=&amp;searchField=&amp;deviceState=. The manipulation of the argument groupId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260476. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2024

CVE-2024-3705
Publication date:
12/04/2024
Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint &amp;#39;/opengnsys/images/M_Icons.php&amp;#39; modifying the file extension, due to lack of file extension verification, resulting in a webshell injection.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-3704
Publication date:
12/04/2024
SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025
Subscribe to Vulnerabilities