Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-14528

Publication date:
11/12/2025
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed remotely. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity CVSS v4.0: MEDIUM
Last modification:
11/12/2025

CVE-2025-14526

Publication date:
11/12/2025
A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
Severity CVSS v4.0: HIGH
Last modification:
11/12/2025

CVE-2025-14527

Publication date:
11/12/2025
A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /view_book.php. Executing manipulation of the argument book_id can lead to SQL injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
Severity CVSS v4.0: MEDIUM
Last modification:
11/12/2025

CVE-2024-8273

Publication date:
11/12/2025
Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing. This issue affects Server: before 10.1.
Severity CVSS v4.0: HIGH
Last modification:
11/12/2025

CVE-2025-67739

Publication date:
11/12/2025
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2025

CVE-2025-67740

Publication date:
11/12/2025
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2025

CVE-2025-67741

Publication date:
11/12/2025
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2025

CVE-2025-67742

Publication date:
11/12/2025
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2025

CVE-2025-59803

Publication date:
11/12/2025
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via triggers. An attacker can embed triggers (e.g., JavaScript) in a PDF document that execute during the signing process. When a signer reviews the document, the content appears normal. However, once the signature is applied, the triggers modify content on other pages or optional content layers without explicit warning. This can cause the signed PDF to differ from what the signer saw, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2025

CVE-2025-59802

Publication date:
11/12/2025
Foxit PDF Editor and Reader before 2025.2.1 allow signature spoofing via OCG. When Optional Content Groups (OCG) are supported, the state property of an OCG is runtime-only and not included in the digital signature computation buffer. An attacker can leverage JavaScript or PDF triggers to dynamically change the visibility of OCG content after signing (Post-Sign), allowing the visual content of a signed PDF to be modified without invalidating the signature. This may result in a mismatch between the signed content and what the signer or verifier sees, undermining the trustworthiness of the digital signature. The fixed versions are 2025.2.1, 14.0.1, and 13.2.1.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2025

CVE-2025-55312

Publication date:
11/12/2025
An issue was discovered in Foxit PDF and Editor for Windows before 13.2 and 2025 before 2025.2. When pages in a PDF are deleted via JavaScript, the application may fail to properly update internal states. Subsequent annotation management operations assume these states are valid, causing dereference of invalid or released memory. This can lead to memory corruption, application crashes, and potentially allow an attacker to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2025

CVE-2025-55313

Publication date:
11/12/2025
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely large value to a form field's charLimit property via JavaScript. This can result in memory corruption and may allow an attacker to execute arbitrary code by persuading a user to open a malicious file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/12/2025