Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. The database is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2026-3814

Publication date:
09/03/2026
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConfTempEntry. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Severity CVSS v4.0: HIGH
Last modification:
10/03/2026

CVE-2026-3813

Publication date:
09/03/2026
A vulnerability was identified in opencc JFlow up to 5badc00db382d7cb82dad231e6a866b18e0addfe. Affected by this vulnerability is the function Calculate of the file src/main/java/bp/wf/httphandler/WF_CCForm.java. Such manipulation leads to injection. The attack may be performed from remote. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
Severity CVSS v4.0: LOW
Last modification:
29/04/2026

CVE-2025-40639

Publication date:
09/03/2026
A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promo_send' parameter in the '/assets/php/calculate_discount.php'.
Severity CVSS v4.0: HIGH
Last modification:
10/03/2026

CVE-2025-40638

Publication date:
09/03/2026
A reflected Cross-Site Scripting (XSS) vulnerability has been found in Eventobot. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL using the 'name' parameter in '/search-results'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
Severity CVSS v4.0: MEDIUM
Last modification:
10/03/2026

CVE-2025-33022

Publication date:
09/03/2026
Rejected reason: The reporter agreed to not assign CVE ID
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2026

CVE-2026-3811

Publication date:
09/03/2026
A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used.
Severity CVSS v4.0: HIGH
Last modification:
09/03/2026

CVE-2026-3812

Publication date:
09/03/2026
A vulnerability was determined in itsourcecode Payroll Management System 1.0. Affected is an unknown function of the file /manage_employee_allowances.php. This manipulation of the argument ID causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Severity CVSS v4.0: LOW
Last modification:
29/04/2026

CVE-2025-69278

Publication date:
09/03/2026
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2026

CVE-2025-69279

Publication date:
09/03/2026
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2026

CVE-2025-61613

Publication date:
09/03/2026
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2026

CVE-2025-61614

Publication date:
09/03/2026
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2026

CVE-2025-61615

Publication date:
09/03/2026
In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2026