Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-20762
Publication date:
18/03/2024
Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification:
04/12/2024

CVE-2024-20754
Publication date:
18/03/2024
Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification:
12/12/2024

CVE-2024-27914
Publication date:
18/03/2024
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2025

CVE-2024-28054
Publication date:
18/03/2024
Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-27096
Publication date:
18/03/2024
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2025

CVE-2024-27098
Publication date:
18/03/2024
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2025

CVE-2024-27104
Publication date:
18/03/2024
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2025

CVE-2024-2051
Publication date:
18/03/2024
<br /> CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that<br /> could cause account takeover and unauthorized access to the system when an attacker<br /> conducts brute-force attacks against the login form.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-2052
Publication date:
18/03/2024
<br /> CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow<br /> unauthenticated files and logs exfiltration and download of files when an attacker modifies the<br /> URL to download to a different location.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-2229
Publication date:
18/03/2024
<br /> CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code<br /> execution when a malicious project file is loaded into the application by a valid user.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-2390
Publication date:
18/03/2024
<br /> As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-20757
Publication date:
18/03/2024
Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification:
04/12/2024
Subscribe to Vulnerabilities