Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-6119

Publication date:
03/09/2024
Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address resulting in abnormal termination of the application process.

Impact summary: Abnormal termination of an application can cause a denial of service.

Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address when comparing the expected name with an `otherName` subject alternative name of an X.509 certificate. This may result in an exception that terminates the application program.

Note that basic certificate chain validation (signatures, dates, ...) is not affected, the denial of service can occur only when the application also specifies an expected DNS name, Email address or IP address.

TLS servers rarely solicit client certificates, and even when they do, they generally don't perform a name check against a reference identifier (expected identity), but rather extract the presented identity after checking the certificate chain. So TLS servers are generally not affected and the severity of the issue is Moderate.

The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026

CVE-2024-42991

Publication date:
03/09/2024
MCMS v5.4.1 has a front-end file upload vulnerability which can lead to remote command execution.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025

CVE-2024-7654

Publication date:
03/09/2024
An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other types of attack that could spoof or deceive web interface users. Unauthorized use of the OEE/OEM discovery service was remediated by deactivating the discovery service by default.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2024-7345

Publication date:
03/09/2024
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2024-7346

Publication date:
03/09/2024
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security. The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2024-4259

Publication date:
03/09/2024
Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.
Severity CVSS v4.0: MEDIUM
Last modification:
14/10/2025

CVE-2024-34463

Publication date:
03/09/2024
BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. (The packet data also lacks authentication and integrity protection.)
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-8389

Publication date:
03/09/2024
Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2024

CVE-2024-8371

Publication date:
03/09/2024
Rejected reason: Duplicate of CVE-2024-45305.
Severity CVSS v4.0: Pending analysis
Last modification:
03/09/2024

CVE-2024-8385

Publication date:
03/09/2024
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2024-8386

Publication date:
03/09/2024
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2024

CVE-2024-8387

Publication date:
03/09/2024
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024