Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-40704
Publication date:
18/07/2024
The product does not require unique and complex passwords to be created <br /> during installation. Using Philips&amp;#39;s default password could jeopardize <br /> the PACS system if the password was hacked or leaked. An attacker could <br /> gain access to the database impacting system availability and data <br /> integrity.
Severity CVSS v4.0: MEDIUM
Last modification:
09/04/2025

CVE-2023-40159
Publication date:
18/07/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2024-38302
Publication date:
18/07/2024
Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025

CVE-2024-39907
Publication date:
18/07/2024
1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been resolved in version 1.10.12-tls. Users are advised to upgrade. There are no known workarounds for these issues.
Severity CVSS v4.0: Pending analysis
Last modification:
10/09/2024

CVE-2024-39911
Publication date:
18/07/2024
1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
10/09/2024

CVE-2023-50304
Publication date:
18/07/2024
IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2024

CVE-2024-30473
Publication date:
18/07/2024
Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2025

CVE-2024-34013
Publication date:
18/07/2024
Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396.
Severity CVSS v4.0: Pending analysis
Last modification:
19/07/2024

CVE-2024-31143
Publication date:
18/07/2024
An optional feature of PCI MSI called "Multiple Message" allows a<br /> device to use multiple consecutive interrupt vectors. Unlike for MSI-X,<br /> the setting up of these consecutive vectors needs to happen all in one<br /> go. In this handling an error path could be taken in different<br /> situations, with or without a particular lock held. This error path<br /> wrongly releases the lock even when it is not currently held.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
14/01/2026

CVE-2024-29178
Publication date:
18/07/2024
On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability.<br /> <br /> Mitigation:<br /> <br /> all users should upgrade to 2.1.4
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2024-40898
Publication date:
18/07/2024
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.<br /> <br /> Users are recommended to upgrade to version 2.4.62 which fixes this issue. 
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2024

CVE-2024-6504
Publication date:
18/07/2024
Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console&amp;#39;s port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2025
Subscribe to Vulnerabilities