Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-31794
Publication date:
10/03/2026
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a segmentation fault from invalid/wild pointer read in CIccCLUT::Interp3d() causing a denial of service. This vulnerability is fixed in 2.3.1.5.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2026-31795
Publication date:
10/03/2026
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply() corrupting stack memory or crash. This vulnerability is fixed in 2.3.1.5.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2026-30987
Publication date:
10/03/2026
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum::GetValues() causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2026-30981
Publication date:
10/03/2026
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-buffer-overflow read in CIccXmlArrayType::DumpArray() causing out-of-bounds read and/or crash. This vulnerability is fixed in 2.3.1.5.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2026-30982
Publication date:
10/03/2026
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccPcsXform::pushXYZConvert() causing crash and potentially leaking memory contents. This vulnerability is fixed in 2.3.1.5.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2026-30983
Publication date:
10/03/2026
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in icFixXml() (strcpy) causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2026-30984
Publication date:
10/03/2026
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap out-of-bounds read in CIccCalculatorFunc::ApplySequence() causing an application crash. This vulnerability is fixed in 2.3.1.5.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2026-30985
Publication date:
10/03/2026
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2026-30986
Publication date:
10/03/2026
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange() causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2026-30977
Publication date:
10/03/2026
RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This vulnerability is fixed in 0.1.1.
Severity CVSS v4.0: LOW
Last modification:
11/03/2026

CVE-2026-30973
Publication date:
10/03/2026
Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation (extractAllTo() via ZipExtractor.extract()) with a path traversal (Zip Slip) check that is non-functional. The check at line 88 of packages/support/lib/zip.js creates an Error object but never throws it, allowing malicious ZIP entries with ../ path components to write files outside the intended destination directory. This affects all JS-based extractions (the default code path), not only those using the fileNamesEncoding option. This vulnerability is fixed in 7.0.6.
Severity CVSS v4.0: Pending analysis
Last modification:
12/03/2026

CVE-2026-30974
Publication date:
10/03/2026
Copyparty is a portable file server. Prior to v1.20.11., the nohtml config option, intended to prevent execution of JavaScript in user-uploaded HTML files, did not apply to SVG images. A user with write-permission could upload an SVG containing embedded JavaScript, which would execute in the context of whichever user opens it. This has been fixed in v1.20.11.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026
Subscribe to Vulnerabilities