Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-25341

Publication date:
23/05/2026
Smartshop 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to product.php with union-based SQL injection payloads in the id parameter to extract sensitive database information including usernames and database names.
Severity CVSS v4.0: HIGH
Last modification:
17/06/2026

CVE-2026-9306

Publication date:
23/05/2026
A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint. Such manipulation leads to authorization bypass. The attack can be launched remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: LOW
Last modification:
26/05/2026

CVE-2026-9305

Publication date:
23/05/2026
A weakness has been identified in QuantumNous new-api up to 0.12.1. The impacted element is the function SearchUserTopUps/SearchAllTopUps of the file model/topup.go of the component self Endpoint. This manipulation causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: LOW
Last modification:
26/05/2026

CVE-2026-9304

Publication date:
23/05/2026
A security flaw has been discovered in calcom cal.diy up to 4.9.4. The affected element is the function validateUrlForSSRF of the file apps/web/app/api/logo/route.ts of the component Logo API. The manipulation results in server-side request forgery. It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitability is described as difficult. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: LOW
Last modification:
26/05/2026

CVE-2026-9302

Publication date:
23/05/2026
A vulnerability was determined in 546669204 vps-inventory-monitoring up to 98c00b370668c96ae75e91c15548d9ea113652d9. This issue affects the function eval of the file app/index/command/VpsTest.php of the component VpsTest Console. Executing a manipulation of the argument vf can lead to code injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
Severity CVSS v4.0: LOW
Last modification:
26/05/2026

CVE-2026-9303

Publication date:
23/05/2026
A vulnerability was identified in calcom cal.diy up to 4.9.4. Impacted is an unknown function. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: LOW
Last modification:
26/05/2026

CVE-2026-9301

Publication date:
23/05/2026
A vulnerability was found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGReset Message Handler. Performing a manipulation results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used. It is recommended to apply a patch to fix this issue.
Severity CVSS v4.0: LOW
Last modification:
26/05/2026

CVE-2026-9300

Publication date:
23/05/2026
A vulnerability has been found in omec-project amf up to 2.1.1. This affects an unknown part of the component NGSetupRequest Handler. Such manipulation leads to memory corruption. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. It is best practice to apply a patch to resolve this issue.
Severity CVSS v4.0: LOW
Last modification:
26/05/2026

CVE-2026-43503

Publication date:
23/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: skbuff: propagate shared-frag marker through frag-transfer helpers<br /> <br /> Two frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail<br /> to propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-&gt;flags when<br /> moving frags from source to destination. __pskb_copy_fclone() defers<br /> the rest of the shinfo metadata to skb_copy_header() after copying<br /> frag descriptors, but that helper only carries over gso_{size,segs,<br /> type} and never touches skb_shinfo()-&gt;flags; skb_shift() moves frag<br /> descriptors directly and leaves flags untouched. As a result, the<br /> destination skb keeps a reference to the same externally-owned or<br /> page-cache-backed pages while reporting skb_has_shared_frag() as<br /> false.<br /> <br /> The mismatch is harmful in any in-place writer that uses<br /> skb_has_shared_frag() to decide whether shared pages must be detoured<br /> through skb_cow_data(). ESP input is one such writer (esp4.c,<br /> esp6.c), and a single nft &amp;#39;dup to &amp;#39; rule -- or any other<br /> nf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()&amp;#39;d<br /> skb in esp_input() with the marker stripped, letting an unprivileged<br /> user write into the page cache of a root-owned read-only file via<br /> authencesn-ESN stray writes.<br /> <br /> Set SKBFL_SHARED_FRAG on the destination whenever frag descriptors<br /> were actually moved from the source. skb_copy() and skb_copy_expand()<br /> share skb_copy_header() too but linearize all paged data into freshly<br /> allocated head storage and emerge with nr_frags == 0, so<br /> skb_has_shared_frag() returns false on its own; they need no change.<br /> <br /> The same omission exists in skb_gro_receive() and skb_gro_receive_list().<br /> The former moves the incoming skb&amp;#39;s frag descriptors into the<br /> accumulator&amp;#39;s last sub-skb via two paths (a direct frag-move loop and<br /> the head_frag + memcpy path); the latter chains the incoming skb whole<br /> onto p&amp;#39;s frag_list. Downstream skb_segment() reads only<br /> skb_shinfo(p)-&gt;flags, and skb_segment_list() reuses each sub-skb&amp;#39;s<br /> shinfo as the nskb -- both p and lp must carry the marker.<br /> <br /> The same omission also exists in tcp_clone_payload(), which builds an<br /> MTU probe skb by moving frag descriptors from skbs on sk_write_queue<br /> into a freshly allocated nskb. The helper falls into the same family<br /> and warrants the same fix for consistency; no TCP TX-side in-place<br /> writer is currently known to reach a user page through this gap, but<br /> a future consumer depending on the marker would regress silently.<br /> <br /> The same omission exists in skb_segment(): the per-iteration flag<br /> merge takes only head_skb&amp;#39;s flag, and the inner switch that rebinds<br /> frag_skb to list_skb on head_skb-frags exhaustion does not fold the<br /> new frag_skb&amp;#39;s flag into nskb. Fold frag_skb&amp;#39;s flag at both sites<br /> so segments drawing frags from frag_list members carry the marker.
Severity CVSS v4.0: Pending analysis
Last modification:
15/07/2026

CVE-2026-46300

Publication date:
23/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: skbuff: preserve shared-frag marker during coalescing<br /> <br /> skb_try_coalesce() can attach paged frags from @from to @to. If @from<br /> has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same<br /> externally-owned or page-cache-backed frags, but the shared-frag marker<br /> is currently lost.<br /> <br /> That breaks the invariant relied on by later in-place writers. In<br /> particular, ESP input checks skb_has_shared_frag() before deciding<br /> whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP<br /> receive coalescing has moved shared frags into an unmarked skb, ESP can<br /> see skb_has_shared_frag() as false and decrypt in place over page-cache<br /> backed frags.<br /> <br /> Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged<br /> frags. The tailroom copy path does not need the marker because it copies<br /> bytes into @to&amp;#39;s linear data rather than transferring frag descriptors.
Severity CVSS v4.0: Pending analysis
Last modification:
15/07/2026

CVE-2026-9298

Publication date:
23/05/2026
A vulnerability was detected in omec-project amf up to 2.1.1. Affected by this vulnerability is an unknown functionality of the component PathSwitchRequest Handler. The manipulation results in memory corruption. The attack may be launched remotely. The exploit is now public and may be used. It is advisable to implement a patch to correct this issue.
Severity CVSS v4.0: LOW
Last modification:
26/05/2026

CVE-2026-9299

Publication date:
23/05/2026
A flaw has been found in omec-project amf up to 2.1.1. Affected by this issue is the function PDUSessionResourceModifyIndication of the file /go/src/amf/ngap/handler.go. This manipulation causes memory corruption. Remote exploitation of the attack is possible. The exploit has been published and may be used. Applying a patch is the recommended action to fix this issue.
Severity CVSS v4.0: LOW
Last modification:
26/05/2026