Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-22182

Publication date:
01/03/2024
A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2024-23492

Publication date:
01/03/2024
A weak encoding is used to transmit credentials for WS203VICM.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2024-27101

Publication date:
01/03/2024
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2.
Severity CVSS v4.0: Pending analysis
Last modification:
02/09/2025

CVE-2023-7242

Publication date:
01/03/2024
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds read during the process of analyzing a specific Ethercat packet. This could allow an attacker to crash the Zeek process and leak some information in memory.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2024

CVE-2023-7243

Publication date:
01/03/2024
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2024

CVE-2023-7244

Publication date:
01/03/2024
Industrial Control Systems Network Protocol Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analysis function for Ethercat communication packets. This could allow an attacker to cause arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2024

CVE-2024-21767

Publication date:
01/03/2024
A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2024-20328

Publication date:
01/03/2024
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands. ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-1174

Publication date:
01/03/2024
Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vulnerabilities. HP has released HP ThinPro 8.0 SP 8, which includes updates to mitigate potential vulnerabilities.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2024-1453

Publication date:
01/03/2024
In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2025

CVE-2024-2076

Publication date:
01/03/2024
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255392.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2025

CVE-2024-2077

Publication date:
01/03/2024
A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category_id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255393 was assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2024