Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim of supporting the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-7191

Publication date:
29/07/2024
A vulnerability, which was classified as critical, has been found in itsourcecode Society Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/get_balance.php. The manipulation of the argument student_id leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272612.
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2024

CVE-2024-7192

Publication date:
29/07/2024
A vulnerability, which was classified as critical, was found in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/student.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272613 was assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2024

CVE-2024-41139

Publication date:
29/07/2024
Incorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210.04e. If a user who can log in to the PC where the product's Windows client is installed places a specially crafted DLL file in a specific folder, arbitrary code may be executed with SYSTEM privilege.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2025

CVE-2024-41143

Publication date:
29/07/2024
Origin validation error vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed.
Severity CVSS v4.0: Pending analysis
Last modification:
14/03/2025

CVE-2024-41726

Publication date:
29/07/2024
Path traversal vulnerability exists in SKYSEA Client View Ver.3.013.00 to Ver.19.210.04e. If this vulnerability is exploited, an arbitrary executable file may be executed by a user who can log in to the PC where the product's Windows client is installed.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2025

CVE-2024-41881

Publication date:
29/07/2024
SDoP versions prior to 1.11 fail to appropriately handle some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked into processing a specially crafted XML file, arbitrary code may be executed on the user's environment.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-7190

Publication date:
29/07/2024
A vulnerability classified as critical was found in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/get_price.php. The manipulation of the argument expenses_id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272611.
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2024

CVE-2024-7189

Publication date:
29/07/2024
A vulnerability classified as critical has been found in itsourcecode Online Food Ordering System 1.0. Affected is an unknown function of the file editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-272610 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2024

CVE-2024-7188

Publication date:
29/07/2024
A vulnerability was found in Bylancer Quicklancer 2.4. It has been rated as critical. This issue affects some unknown processing of the file /listing of the component GET Parameter Handler. The manipulation of the argument range2 leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272609 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2024

CVE-2024-7187

Publication date:
29/07/2024
A vulnerability was found in TOTOLINK A3600R 4.1.2cu.5182_B20201102. It has been declared as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272608. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: Pending analysis
Last modification:
23/08/2024

CVE-2024-41019

Publication date:
29/07/2024
In the Linux kernel, the following vulnerability has been resolved:

fs/ntfs3: Validate ff offset

This adds sanity checks for ff offset. There is a check on rt->first_free at first, but walking through by ff without any check. If the second ff is a large offset. We may encounter an out-of-bound read.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-41090

Publication date:
29/07/2024
In the Linux kernel, the following vulnerability has been resolved:

tap: add missing verification for short frame

The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. Even before the skb is transmitted, the tap_get_user_xdp()-->skb_set_network_header() may assume the size is more than ETH_HLEN. Once transmitted, this could either cause out-of-bound access beyond the actual length, or confuse the underlayer with incorrect or inconsistent header length in the skb metadata.

In the alternative path, tap_get_user() already prohibits short frame which has the length less than Ethernet header size from being transmitted.

This is to drop any frame shorter than the Ethernet header size just like how tap_get_user() does.

CVE: CVE-2024-41090
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025