Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are available, with criteria such as vulnerability type, manufacturer and impact level to narrow down the results.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-7375

Publication date:
05/03/2026
A denial-of-service (DoS) vulnerability was identified in Omada EAP610 v3. An attacker with adjacent network access can send crafted requests to cause the device’s HTTP service to crash. This results in temporary service unavailability until the device is rebooted. This issue affects Omada EAP610 firmware versions prior to 1.6.0.
Severity CVSS v4.0: MEDIUM
Last modification:
09/03/2026

CVE-2025-70616

Publication date:
05/03/2026
A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. The vulnerability is caused by missing bounds checking on the user-controlled Options parameter before copying data into a 40-byte stack buffer (Src[40]) using memmove. An attacker with local access can exploit this vulnerability by sending a crafted IOCTL request with Options > 40, causing a stack buffer overflow that may lead to kernel code execution, local privilege escalation, or denial of service (system crash). Additionally, the same IOCTL handler can leak kernel addresses and other sensitive stack data when reading beyond the buffer boundaries.
Severity CVSS v4.0: Pending analysis
Last modification:
10/03/2026

CVE-2026-24457

Publication date:
05/03/2026
Unsafe parsing of OpenMQ's configuration allows a remote attacker to read arbitrary files from an MQ Broker's server. Full exploitation could read unauthorized files of the OpenMQ host OS. In some scenarios, RCE could be achieved.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-70232

Publication date:
05/03/2026
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2026

CVE-2025-70233

Publication date:
05/03/2026
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetEnableWizard.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2026

CVE-2025-70229

Publication date:
05/03/2026
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSchedule.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2026

CVE-2025-70230

Publication date:
05/03/2026
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetDDNS.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2026

CVE-2025-70231

Publication date:
05/03/2026
D-Link DIR-513 version 1.10 contains a critical-level vulnerability. When processing POST requests related to verification codes in /goform/formLogin, it enters /goform/getAuthCode but fails to filter the value of the FILECODE parameter, resulting in a path traversal vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2026

CVE-2025-45691

Publication date:
05/03/2026
An Arbitrary File Read vulnerability exists in the ImageTextPromptValue class in Exploding Gradients RAGAS v0.2.3 to v0.2.14. The vulnerability stems from improper validation and sanitization of URLs supplied in the retrieved_contexts parameter when handling multimodal inputs.
Severity CVSS v4.0: Pending analysis
Last modification:
10/03/2026

CVE-2025-13476

Publication date:
05/03/2026
Rakuten Viber Cloak mode in Android v25.7.2.0g and Windows v25.6.0.0–v25.8.1.0 uses a static and predictable TLS ClientHello fingerprint lacking extension diversity, allowing Deep Packet Inspection (DPI) systems to trivially identify and block proxy traffic, undermining censorship circumvention. (CWE-327)
Severity CVSS v4.0: Pending analysis
Last modification:
10/03/2026

CVE-2026-30798

Publication date:
05/03/2026
Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines stop-service handler in heartbeat loop. This issue affects RustDesk Client: through 1.4.5.
Severity CVSS v4.0: HIGH
Last modification:
10/03/2026

CVE-2026-30797

Publication date:
05/03/2026
Missing Authorization vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Flutter URI scheme handler, config import modules) allows Application API Message Manipulation via Man-in-the-Middle. This vulnerability is associated with program files flutter/lib/common.Dart and program routines importConfig() via URI handler. This issue affects RustDesk Client: through 1.4.5.
Severity CVSS v4.0: CRITICAL
Last modification:
25/03/2026