Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we provide a database, in Spanish, of all the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by selecting different criteria such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-20657

Publication date:
09/01/2024
Windows Group Policy Elevation of Privilege Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2024

CVE-2024-20658

Publication date:
09/01/2024
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2024

CVE-2024-0226

Publication date:
09/01/2024
Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload.
Severity CVSS v4.0: Pending analysis
Last modification:
30/08/2024

CVE-2024-0340

Publication date:
09/01/2024
A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2025

CVE-2024-20652

Publication date:
09/01/2024
Windows HTML Platforms Security Feature Bypass Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
19/07/2024

CVE-2024-20653

Publication date:
09/01/2024
Microsoft Common Log File System Elevation of Privilege Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2024

CVE-2024-0056

Publication date:
09/01/2024
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2024

CVE-2024-0057

Publication date:
09/01/2024
.NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
08/10/2024

CVE-2022-48618

Publication date:
09/01/2024
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1.
Severity CVSS v4.0: Pending analysis
Last modification:
23/10/2025

CVE-2024-0228

Publication date:
09/01/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2024-0193.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2024

CVE-2024-22164

Publication date:
09/01/2024
In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2025

CVE-2024-22165

Publication date:
09/01/2024
In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted. The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2024