Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-6702
Publication date:
12/09/2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2024-6510
Publication date:
12/09/2024
Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.
Severity CVSS v4.0: Pending analysis
Last modification:
02/10/2024

CVE-2024-6658
Publication date:
12/09/2024
Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:<br /> <br /> <br /> <br />  Product <br /> <br /> <br /> <br /> <br /> <br /> Affected Versions <br /> <br /> <br /> <br /> <br /> <br /> LoadMaster <br /> <br /> <br /> <br /> <br /> <br /> From 7.2.55.0 to 7.2.60.0 (inclusive) <br /> <br /> <br /> <br /> <br /> <br />   <br /> <br /> <br /> <br /> <br /> <br /> From 7.2.49.0 to 7.2.54.11 (inclusive) <br /> <br /> <br /> <br /> <br /> <br />   <br /> <br /> <br /> <br /> <br /> <br /> 7.2.48.12 and all prior versions <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> Multi-Tenant Hypervisor <br /> <br /> <br /> <br /> <br /> <br /> 7.1.35.11 and all prior versions <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> ECS<br /> <br /> <br /> <br /> <br /> <br /> All prior versions to 7.2.60.0 (inclusive)
Severity CVSS v4.0: Pending analysis
Last modification:
30/07/2025

CVE-2024-6700
Publication date:
12/09/2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2024-6701
Publication date:
12/09/2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2024

CVE-2024-45826
Publication date:
12/09/2024
CVE-2024-45826 IMPACT<br /> Due to improper input validation, a path traversal and remote code execution vulnerability exists when the ThinManager® processes a crafted POST request. If exploited, a user can install an executable file.
Severity CVSS v4.0: Pending analysis
Last modification:
02/10/2024

CVE-2024-45825
Publication date:
12/09/2024
CVE-2024-45825 IMPACT<br /> A denial-of-service vulnerability exists in the affected products. The vulnerability occurs when a malformed CIP packet is sent over the network to the device and results in a major nonrecoverable fault causing a denial-of-service.
Severity CVSS v4.0: Pending analysis
Last modification:
02/10/2024

CVE-2024-42483
Publication date:
12/09/2024
ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An replay attacks vulnerability was discovered in the implementation of the ESP-NOW because the caches is not differentiated by message types, it is a single, shared resource for all kinds of messages, whether they are broadcast or unicast, and regardless of whether they are ciphertext or plaintext. This can result an attacker to clear the cache of its legitimate entries, there by creating an opportunity to re-inject previously captured packets. This vulnerability is fixed in 2.5.2.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2024

CVE-2024-45823
Publication date:
12/09/2024
CVE-2024-45823 IMPACT<br /> <br /> <br /> <br /> An<br /> authentication bypass vulnerability exists in the affected product. The<br /> vulnerability exists due to shared secrets across accounts and could allow a threat<br /> actor to impersonate a user if the threat actor is able to enumerate additional<br /> information required during authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
02/10/2024

CVE-2024-42484
Publication date:
12/09/2024
ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An Out-of-Bound (OOB) vulnerability was discovered in the implementation of the ESP-NOW group type message because there is no check for the addrs_num field of the group type message. This can result in memory corruption related attacks. Normally there are two fields in the group information that need to be checked, i.e., the addrs_num field and the addrs_list fileld. Since we only checked the addrs_list field, an attacker can send a group type message with an invalid addrs_num field, which will cause the message handled by the firmware to be much larger than the current buffer, thus causing a memory corruption issue that goes beyond the payload length.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-28990
Publication date:
12/09/2024
SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console.<br /> <br /> We thank Trend Micro Zero Day Initiative (ZDI) for its ongoing partnership in coordinating with SolarWinds on responsible disclosure of this and other potential vulnerabilities.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2024-28991
Publication date:
12/09/2024
SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024
Subscribe to Vulnerabilities