Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-1952
Publication date:
29/02/2024
Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts&amp;#39; contents in channels they are not a member of.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2024

CVE-2024-1953
Publication date:
29/02/2024
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2024

CVE-2024-27906
Publication date:
29/02/2024
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.<br /> <br /> Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025

CVE-2024-1942
Publication date:
29/02/2024
Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2024

CVE-2024-1619
Publication date:
29/02/2024
Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-1888
Publication date:
29/02/2024
Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2024-23488
Publication date:
29/02/2024
Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2024-23493
Publication date:
29/02/2024
Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of. <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2024-24988
Publication date:
29/02/2024
Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2024-1887
Publication date:
29/02/2024
Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export. <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2024-1982
Publication date:
29/02/2024
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2025

CVE-2024-25291
Publication date:
29/02/2024
Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025
Subscribe to Vulnerabilities