Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-24464

Publication date:
13/05/2026
When running in Appliance mode, a directory traversal vulnerability exists in an undisclosed iControl REST endpoint that may allow an authenticated attacker with administrator role privileges to cross a security boundary and delete files.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: MEDIUM
Last modification:
29/06/2026

CVE-2026-20916

Publication date:
13/05/2026
An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system.<br />  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: HIGH
Last modification:
29/06/2026

CVE-2025-28344

Publication date:
13/05/2026
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2026

CVE-2025-29338

Publication date:
13/05/2026
NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 To v17.92.1.p149.157 was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param function.
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2026

CVE-2025-32425

Publication date:
13/05/2026
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the console (stdout/stderr), and deployed in container mode, which is automatically captured by Docker and stored as "container logs". However, prior to 0.6.32, there is no limit on the log size when the container is deployed. When the number of user accesses is too large, the log on the server disk will be too large, causing disk resource exhaustion and eventually causing DoS. autogpt-platform-beta-v0.6.32 fixes the issue.
Severity CVSS v4.0: MEDIUM
Last modification:
26/05/2026

CVE-2020-37225

Publication date:
13/05/2026
Powie&amp;#39;s WHOIS Domain Check 0.9.31 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by exploiting unsanitized input fields in plugin settings. Attackers can submit malicious payloads through textarea and input elements in the pwhois_settings.php configuration page to execute JavaScript in the admin context and escalate privileges.
Severity CVSS v4.0: MEDIUM
Last modification:
13/05/2026

CVE-2020-37226

Publication date:
13/05/2026
Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the &amp;#39;sortby&amp;#39; parameter. Attackers can send POST requests to the administrator index with malicious &amp;#39;sortby&amp;#39; values to extract sensitive database information using automated tools.
Severity CVSS v4.0: HIGH
Last modification:
13/05/2026

CVE-2024-51394

Publication date:
13/05/2026
Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_MSP::loop, AP_MSP, AP_MSP.cpp components.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2026

CVE-2024-51395

Publication date:
13/05/2026
Buffer Overflow vulnerability in Ardupiot Copter Latest commit 92693e023793133e49a035daf37c14433e484778 allows a local attacker to cause a denial of service via the AP_SmartAudio::loop, AP_SmartAudio, AP_SmartAudio.cpp components.
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2026

CVE-2025-28343

Publication date:
13/05/2026
striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons.
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2026

CVE-2024-55045

Publication date:
13/05/2026
Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at /comm/task_comm.c.
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2026

CVE-2020-37217

Publication date:
13/05/2026
Easy2Pilot 7 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the admin.php?action=add_user endpoint with POST requests containing username and password parameters to create new administrative accounts without explicit user consent.
Severity CVSS v4.0: MEDIUM
Last modification:
13/05/2026