Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). By virtue of a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-24939

Publication date:
06/02/2024
In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2024

CVE-2024-24940

Publication date:
06/02/2024
In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives
Severity CVSS v4.0: Pending analysis
Last modification:
15/05/2025

CVE-2024-23917

Publication date:
06/02/2024
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2024

CVE-2024-24936

Publication date:
06/02/2024
In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2024

CVE-2024-24937

Publication date:
06/02/2024
In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2024

CVE-2024-23673

Publication date:
06/02/2024
Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2023-4503

Publication date:
06/02/2024
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2024

CVE-2024-25140

Publication date:
06/02/2024
A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation.
Severity CVSS v4.0: Pending analysis
Last modification:
29/08/2024

CVE-2024-0684

Publication date:
06/02/2024
A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-22365

Publication date:
06/02/2024
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2023-32479

Publication date:
06/02/2024
Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell Security Management Server versions prior to 11.9.0 contain a privilege escalation vulnerability due to improper ACL of the non-default installation directory. A local malicious user could potentially exploit this vulnerability by replacing binaries in the installed directory and taking a reverse shell of the system, leading to Privilege Escalation.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2024

CVE-2023-32474

Publication date:
06/02/2024
Dell Display Manager application, version 2.1.1.17 and prior, contains an insecure operation on Windows junction/mount point. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion.
Severity CVSS v4.0: Pending analysis
Last modification:
12/02/2024