Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made available to interested users a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-35012

Publication date:
14/05/2024
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2024-3241

Publication date:
14/05/2024
The Ultimate Blocks WordPress plugin before 3.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2025

CVE-2024-3372

Publication date:
14/05/2024
Improper validation of certain metadata input may result in the server not correctly serialising BSON. This can be performed pre-authentication and may cause unexpected application behavior including unavailability of serverStatus responses. This issue affects MongoDB Server v7.0 versions prior to 7.0.6, MongoDB Server v6.0 versions prior to 6.0.14 and MongoDB Server v5.0 versions prior to 5.0.25.
Severity CVSS v4.0: Pending analysis
Last modification:
22/09/2025

CVE-2024-3374

Publication date:
14/05/2024
An unauthenticated user can trigger a fatal assertion in the server while generating ftdc diagnostic metrics due to attempting to build a BSON object that exceeds certain memory sizes. This issue affects MongoDB Server v5.0 versions prior to and including 5.0.16 and MongoDB Server v6.0 versions prior to and including 6.0.5.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2025

CVE-2024-34773

Publication date:
14/05/2024
A vulnerability has been identified in Solid Edge (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2025

CVE-2024-34914

Publication date:
14/05/2024
php-censor v2.1.4 (fixed in v2.1.5) was discovered to utilize a weak hashing algorithm for its remember_key value. This allows attackers to brute-force the remember_key value to gain access to accounts that have checked "remember me" when logging in.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-34950

Publication date:
14/05/2024
D-Link DIR-822+ v1.0.5 was discovered to contain a stack-based buffer overflow vulnerability in the SetNetworkTomographySettings module.
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2025

CVE-2024-35009

Publication date:
14/05/2024
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2024-35010

Publication date:
14/05/2024
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2024-35011

Publication date:
14/05/2024
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2024-34771

Publication date:
14/05/2024
A vulnerability has been identified in Solid Edge (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2025

CVE-2024-34772

Publication date:
14/05/2024
A vulnerability has been identified in Solid Edge (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2025