Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-54615

Publication date:

06/08/2025

Vulnerability of insufficient information protection in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Severity CVSS v4.0: Pending analysis

Last modification:

06/08/2025

CVE-2025-54606

Publication date:

06/08/2025

Status verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.

Severity CVSS v4.0: Pending analysis

Last modification:

06/08/2025

CVE-2025-54607

Publication date:

06/08/2025

Authentication management vulnerability in the ArkWeb module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Severity CVSS v4.0: Pending analysis

Last modification:

06/08/2025

CVE-2025-54608

Publication date:

06/08/2025

Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Impact: Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set.

Severity CVSS v4.0: Pending analysis

Last modification:

06/08/2025

CVE-2025-54609

Publication date:

06/08/2025

Out-of-bounds access vulnerability in the audio codec module. Impact: Successful exploitation of this vulnerability may affect availability.

Severity CVSS v4.0: Pending analysis

Last modification:

06/08/2025

CVE-2025-54653

Publication date:

06/08/2025

Path traversal vulnerability in the virtualization file module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization file module.

Severity CVSS v4.0: Pending analysis

Last modification:

06/08/2025

CVE-2025-54655

Publication date:

06/08/2025

Race condition vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality and integrity of the virtualization graphics module.

Severity CVSS v4.0: Pending analysis

Last modification:

06/08/2025

CVE-2025-54652

Publication date:

06/08/2025

Path traversal vulnerability in the virtualization base module. Successful exploitation of this vulnerability may affect the confidentiality of the virtualization module.

Severity CVSS v4.0: Pending analysis

Last modification:

06/08/2025

CVE-2025-54883

Publication date:

06/08/2025

Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the getSecureRandomInt function in security-kit versions prior to 3.5.0 (packaged in Vision-ui

Severity CVSS v4.0: CRITICAL

Last modification:

06/08/2025

CVE-2025-54884

Publication date:

06/08/2025

Vision UI is a collection of enterprise-grade, dependency-free modules for modern web projects. In versions 1.4.0 and below, the generateSecureId and getSecureRandomInt functions in security-kit versions prior to 3.5.0 (packaged in Vision UI 1.4.0 and below) are vulnerable to Denial of Service (DoS) attacks. The generateSecureId(length) function directly used the length parameter to size a Uint8Array buffer, allowing attackers to exhaust server memory through repeated requests for large IDs since the previous 1024 limit was insufficient. The getSecureRandomInt(min, max) function calculated buffer size based on the range between min and max, where large ranges caused excessive memory allocation and CPU-intensive rejection-sampling loops that could hang the thread. This issue is fixed in version 1.5.0.

Severity CVSS v4.0: HIGH

Last modification:

06/08/2025

CVE-2025-54873

Publication date:

06/08/2025

RISC Zero is a zero-knowledge verifiable general computing platform based on zk-STARKs and the RISC-V microarchitecture. RISC packages risc0-zkvm versions 2.0.0 through 2.1.0 and risc0-circuit-rv32im and risc0-circuit-rv32im-sys versions 2.0.0 through 2.0.4 contain vulnerabilities where signed integer division allows multiple outputs for certain inputs with only one being valid, and division by zero results are underconstrained. This issue is fixed in risc0-zkvm version 2.2.0 and version 3.0.0 for the risc0-circuit-rv32im and risc0-circuit-rv32im-sys packages.

Severity CVSS v4.0: LOW

Last modification:

06/08/2025

CVE-2025-54876

Publication date:

06/08/2025

The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease.

Severity CVSS v4.0: MEDIUM

Last modification:

06/08/2025

Subscribe to Vulnerabilities