Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-28195

Publication date:
13/03/2024
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2025

CVE-2024-28196

Publication date:
13/03/2024
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2025

CVE-2024-2403

Publication date:
13/03/2024
Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.
Severity CVSS v4.0: Pending analysis
Last modification:
25/08/2025

CVE-2024-2418

Publication date:
13/03/2024
A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view_order.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256705 was assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2025

CVE-2024-20319

Publication date:
13/03/2024
A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Protocol (SNMP) server of an affected device. This vulnerability is due to incorrect UDP forwarding programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by attempting to perform an SNMP operation using broadcast as the destination address that could be processed by an affected device that is configured with an SNMP server. A successful exploit could allow the attacker to communicate to the device on the configured SNMP ports. Although an unauthenticated attacker could send UDP datagrams to the configured SNMP port, only an authenticated user can retrieve or modify data using SNMP requests.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2025

CVE-2024-20320

Publication date:
13/03/2024
A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2025

CVE-2024-20322

Publication date:
13/03/2024
A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2025

CVE-2024-20327

Publication date:
13/03/2024
A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025

CVE-2024-27952

Publication date:
13/03/2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Reflected XSS. This issue affects Advanced Sermons: from n/a through 3.2.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2024-27953

Publication date:
13/03/2024
Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.8.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2025

CVE-2024-0173

Publication date:
13/03/2024
Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.
Severity CVSS v4.0: Pending analysis
Last modification:
31/01/2025

CVE-2024-20262

Publication date:
13/03/2024
A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or SFTP CLI commands with specific parameters. A successful exploit could allow the attacker to impact the functionality of the device, which could lead to a DoS condition. The device may need to be manually rebooted to recover. Note: This vulnerability is exploitable only when a local user invokes SCP or SFTP commands at the Cisco IOS XR CLI. A local user with administrative privileges could exploit this vulnerability remotely.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2024