Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-9548

Publication date:
15/10/2025
A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error.
Severity CVSS v4.0: MEDIUM
Last modification:
16/10/2025

CVE-2025-6026

Publication date:
15/10/2025
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain encrypted application metadata, including device information, geolocation, and telemetry data.
Severity CVSS v4.0: LOW
Last modification:
16/10/2025

CVE-2025-8486

Publication date:
15/10/2025
A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.
Severity CVSS v4.0: HIGH
Last modification:
16/10/2025

CVE-2025-55083

Publication date:
15/10/2025
In NetX Duo versions before 6.4.4, a component of Eclipse Foundation ThreadX, there was an incorrect bounds check resulting in an out-by-two out-of-bounds read.
Severity CVSS v4.0: MEDIUM
Last modification:
16/10/2025

CVE-2025-56748

Publication date:
15/10/2025
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2025

CVE-2025-56749

Publication date:
15/10/2025
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2025

CVE-2025-10581

Publication date:
15/10/2025
A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.
Severity CVSS v4.0: HIGH
Last modification:
16/10/2025

CVE-2025-10699

Publication date:
15/10/2025
A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.
Severity CVSS v4.0: MEDIUM
Last modification:
16/10/2025

CVE-2025-61958

Publication date:
15/10/2025
A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell. For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: HIGH
Last modification:
16/10/2025

CVE-2025-61960

Publication date:
15/10/2025
When a per-request policy is configured on a BIG-IP APM portal access virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: HIGH
Last modification:
16/10/2025

CVE-2025-61974

Publication date:
15/10/2025
When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: HIGH
Last modification:
16/10/2025

CVE-2025-60015

Publication date:
15/10/2025
An out-of-bounds write vulnerability exists in F5OS-A and F5OS-C that could lead to memory corruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: MEDIUM
Last modification:
16/10/2025