Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-22520

Publication date:

06/02/2024

An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets.

Severity CVSS v4.0: Pending analysis

Last modification:

15/05/2025

CVE-2023-40143

Publication date:

06/02/2024

An attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "forward.0.domain" parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

13/02/2024

CVE-2023-40544

Publication date:

06/02/2024

An attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications.

Severity CVSS v4.0: Pending analysis

Last modification:

12/02/2024

CVE-2023-42765

Publication date:

06/02/2024

An attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "username" parameter in the SNMP configuration.

Severity CVSS v4.0: Pending analysis

Last modification:

12/02/2024

CVE-2023-45213

Publication date:

06/02/2024

A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device.

Severity CVSS v4.0: Pending analysis

Last modification:

12/02/2024

CVE-2023-45222

Publication date:

06/02/2024

An attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the "autorefresh" parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

12/02/2024

CVE-2023-38579

Publication date:

06/02/2024

The cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally.

Severity CVSS v4.0: Pending analysis

Last modification:

13/02/2024

CVE-2024-22514

Publication date:

06/02/2024

An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file.

Severity CVSS v4.0: Pending analysis

Last modification:

26/08/2024

CVE-2024-22515

Publication date:

06/02/2024

Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component.

Severity CVSS v4.0: Pending analysis

Last modification:

08/05/2025

CVE-2024-1258

Publication date:

06/02/2024

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key . The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

17/05/2024

CVE-2024-1259

Publication date:

06/02/2024

A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

17/05/2024

CVE-2024-22241

Publication date:

06/02/2024

Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.

Severity CVSS v4.0: Pending analysis

Last modification:

03/06/2025

Subscribe to Vulnerabilities