Vulnerabilities

With the aim of informing, warning and helping professionals with regard to the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-20721

Publication date:
15/01/2024
Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2024

CVE-2024-20709

Publication date:
15/01/2024
Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2024

CVE-2023-4001

Publication date:
15/01/2024
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2023-5253

Publication date:
15/01/2024
A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC may allow an unauthenticated attacker to obtain asset data without authentication. Malicious unauthenticated users with knowledge of the underlying system may be able to extract limited asset information.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2024

CVE-2023-46226

Publication date:
15/01/2024
Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2023-50290

Publication date:
15/01/2024
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide; however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, like Java system properties can be, and may be set for the entire host, unlike Java system properties, which are set per-Java-process. The Solr Metrics API is protected by the "metrics-read" permission. Therefore, Solr Clouds with Authorization set up will only be vulnerable via users with the "metrics-read" permission. This issue affects Apache Solr: from 9.0.0 before 9.3.0. Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.
Severity CVSS v4.0: Pending analysis
Last modification:
09/05/2025

CVE-2023-6915

Publication date:
15/01/2024
A Null pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.
Severity CVSS v4.0: Pending analysis
Last modification:
14/09/2024

CVE-2023-46749

Publication date:
15/01/2024
Apache Shiro before 1.13.0 or 2.0.0-alpha-4 may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting. Mitigation: Update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-0548

Publication date:
15/01/2024
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component SIZE Command Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250718 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2024-22028

Publication date:
15/01/2024
An insufficient technical documentation issue exists in all firmware versions of the thermal camera TMC series. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data.
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2025

CVE-2024-0547

Publication date:
15/01/2024
A vulnerability has been found in Ability FTP Server 2.34 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component APPE Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250717 was assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2020-36770

Publication date:
15/01/2024
pkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025