Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-7345

Publication date:
03/09/2024
Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2024-7346

Publication date:
03/09/2024
Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name validation and will need to be replaced where full TLS certificate validation is needed for network security. The existing certificates should be replaced with CA-signed certificates from a recognized certificate authority that contain the necessary information to support host name validation.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2024

CVE-2024-4259

Publication date:
03/09/2024
Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users. This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.
Severity CVSS v4.0: MEDIUM
Last modification:
14/10/2025

CVE-2024-34463

Publication date:
03/09/2024
BPL Personal Weighing Scale PWS-01BT IND/09/18/599 devices send sensitive information in unencrypted BLE packets. (The packet data also lacks authentication and integrity protection.)
Severity CVSS v4.0: Pending analysis
Last modification:
03/09/2024

CVE-2024-8389

Publication date:
03/09/2024
Memory safety bugs present in Firefox 129. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2024

CVE-2024-8371

Publication date:
03/09/2024
Rejected reason: Duplicate of CVE-2024-45305.
Severity CVSS v4.0: Pending analysis
Last modification:
03/09/2024

CVE-2024-8385

Publication date:
03/09/2024
A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2024-8386

Publication date:
03/09/2024
If a site had been granted the permission to open popup windows, it could cause Select elements to appear on top of another site to perform a spoofing attack. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2024

CVE-2024-8387

Publication date:
03/09/2024
Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
06/09/2024

CVE-2024-8388

Publication date:
03/09/2024
Multiple prompts and panels from both Firefox and the Android OS could be used to obscure the notification announcing the transition to fullscreen mode after the fix for CVE-2023-6870 in Firefox 121. This could lead to spoofing the browser UI if the sudden appearance of the prompt distracted the user from noticing the visual transition happening behind the prompt. These notifications now use the Android Toast feature. *This bug only affects Firefox on Android. Other operating systems are unaffected.* This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2024

CVE-2024-6232

Publication date:
03/09/2024
There is a MEDIUM severity vulnerability affecting CPython. Regular expressions that allowed excessive backtracking during tarfile.TarFile header parsing are vulnerable to ReDoS via specifically-crafted tar archives.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-8381

Publication date:
03/09/2024
A potentially exploitable type confusion could be triggered when looking up a property name on an object being used as the `with` environment. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025