Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim of supporting the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-49588

Publication date:
02/07/2025
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In version 2.10.2, the server accepts links of format file:///etc/passwd and doesn't do any validation before sending them to parsers and playwright, this can result in leak of other user's links (and in some cases it might be possible to leak environment secrets). This issue has been patched in version 2.10.3 which has not been made public at time of publication.
Severity CVSS v4.0: HIGH
Last modification:
03/07/2025

CVE-2025-34057

Publication date:
02/07/2025
An information disclosure vulnerability exists in Ruijie NBR series routers (known to affect NBR2000G, NBR1300G, and NBR1000 models) via the /WEB_VMS/LEVEL15/ endpoint. By crafting a specific POST request with modified Cookie headers and specially formatted parameters, an unauthenticated attacker can retrieve administrative account credentials in plaintext. This flaw allows direct disclosure of sensitive user data due to improper authentication checks and insecure backend logic.
Severity CVSS v4.0: HIGH
Last modification:
03/07/2025

CVE-2025-34069

Publication date:
02/07/2025
An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent, bypassing firewall restrictions and exposing internal management endpoints. This enables unauthenticated attackers to access the GFIAgent service on ports 7995 and 7996, retrieve the appliance UUID, and issue administrative requests via the proxy. Exploitation results in full administrative access to the Kerio Control appliance.
Severity CVSS v4.0: CRITICAL
Last modification:
03/07/2025

CVE-2025-34070

Publication date:
02/07/2025
A missing authentication vulnerability in the GFIAgent component of GFI Kerio Control 9.4.5 allows unauthenticated remote attackers to perform privileged operations. The GFIAgent service, responsible for integration with GFI AppManager, exposes HTTP services on ports 7995 and 7996 without proper authentication. The /proxy handler on port 7996 allows arbitrary forwarding to administrative endpoints when provided with an Appliance UUID, which itself can be retrieved from port 7995. This results in a complete authentication bypass, permitting access to sensitive administrative APIs.
Severity CVSS v4.0: CRITICAL
Last modification:
03/07/2025

CVE-2025-34071

Publication date:
02/07/2025
A remote code execution vulnerability in GFI Kerio Control 9.4.5 allows attackers with administrative access to upload and execute arbitrary code through the firmware upgrade feature. The system upgrade mechanism accepts unsigned .img files, which can be modified to include malicious scripts within the upgrade.sh or disk image components. These modified upgrade images are not validated for authenticity or integrity, and are executed by the system post-upload, enabling root access.
Severity CVSS v4.0: CRITICAL
Last modification:
03/07/2025

CVE-2025-34072

Publication date:
02/07/2025
A data exfiltration vulnerability exists in Anthropic’s deprecated Slack Model Context Protocol (MCP) Server via automatic link unfurling. When an AI agent using the Slack MCP Server processes untrusted data, it can be manipulated to generate messages containing attacker-crafted hyperlinks embedding sensitive data. Slack’s link preview bots (e.g., Slack-LinkExpanding, Slackbot, Slack-ImgProxy) will then issue outbound requests to the attacker-controlled URL, resulting in zero-click exfiltration of private data.
Severity CVSS v4.0: CRITICAL
Last modification:
03/07/2025

CVE-2025-34073

Publication date:
02/07/2025
An unauthenticated command injection vulnerability exists in stamparm/maltrail (Maltrail) versions
Severity CVSS v4.0: CRITICAL
Last modification:
03/07/2025

CVE-2025-34067

Publication date:
02/07/2025
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system.
Severity CVSS v4.0: CRITICAL
Last modification:
07/07/2025

CVE-2025-27026

Publication date:
02/07/2025
A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI not only stops the CLI interface but also deactivates Linux shell, WebGUI and physical serial console access. No confirmation is asked for at deactivation time. Losing access to these services puts device administrators at risk of completely losing device control.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-46647

Publication date:
02/07/2025
A vulnerability of the openid-connect plugin in Apache APISIX.

This vulnerability will only have an impact if all of the following conditions are met:
1. The openid-connect plugin is used with introspection mode
2. The auth service connected to openid-connect provides services to multiple issuers
3. Multiple issuers share the same private key and rely only on the issuer being different

If affected by this vulnerability, it would allow an attacker with a valid account on one of the issuers to log into the other issuer.

This issue affects Apache APISIX: until 3.12.0.

Users are recommended to upgrade to version 3.12.0 or higher.
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2025

CVE-2024-35164

Publication date:
02/07/2025
The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process.

Users are recommended to upgrade to version 1.6.0, which fixes this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2025

CVE-2025-39362

Publication date:
02/07/2025
Missing Authorization vulnerability in Mollie Mollie Payments for WooCommerce. This issue affects Mollie Payments for WooCommerce: from n/a through 8.0.2.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025