Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-54170
Publication date:
27/02/2025
IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2024-56493
Publication date:
27/02/2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2024-56494
Publication date:
27/02/2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2024-56495
Publication date:
27/02/2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2024-56496
Publication date:
27/02/2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2024-56810
Publication date:
27/02/2025
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2024-13148
Publication date:
27/02/2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection.This issue affects B2B Login Platform: before 16.01.2025.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2025-22280
Publication date:
27/02/2025
Missing Authorization vulnerability in revmakx DefendWP Firewall allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DefendWP Firewall: from n/a through 1.1.0.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2025-27154
Publication date:
27/02/2025
Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permissions. This leads to overly broad exposure of the spotify auth token. If this token can be read by an attacker (another user on the machine, or a process running as another user), it can be used to perform administrative actions on the Spotify account, depending on the scope granted to the token. Version 2.25.1 tightens the cache file permissions.
Severity CVSS v4.0: HIGH
Last modification:
07/04/2025

CVE-2024-9334
Publication date:
27/02/2025
Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass.This issue affects Pallium Vehicle Tracking: before 17.10.2024.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2025-1691
Publication date:
27/02/2025
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the mongosh autocomplete feature, can use the autocompletion feature to input and run obfuscated malicious text. This requires user interaction in the form of the user using ‘tab’ to autocomplete text that is a prefix of the attacker’s prepared autocompletion. This issue affects mongosh versions prior to 2.3.9. <br /> <br /> <br /> The vulnerability is exploitable only when mongosh is connected to a cluster that is partially or fully controlled by an attacker.
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025

CVE-2025-1692
Publication date:
27/02/2025
The MongoDB Shell may be susceptible to control character injection where an attacker with control of the user’s clipboard could manipulate them to paste text into mongosh that evaluates arbitrary code. Control characters in the pasted text can be used to obfuscate malicious code. This issue affects mongosh versions prior to 2.3.9
Severity CVSS v4.0: Pending analysis
Last modification:
27/02/2025
Subscribe to Vulnerabilities