Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-6951

Publication date:
01/07/2025
A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use of default credentials. Access to the local network is required for this attack to succeed. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: MEDIUM
Last modification:
03/07/2025

CVE-2025-6952

Publication date:
01/07/2025
A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.5. This issue affects the function amf_state_operational of the file src/amf/amf-sm.c of the component AMF Service. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The identifier of the patch is 53e9e059ed96b940f7ddcd9a2b68cb512524d5db. It is recommended to apply a patch to fix this issue.
Severity CVSS v4.0: MEDIUM
Last modification:
03/07/2025

CVE-2025-49481

Publication date:
01/07/2025
Improper Resource Shutdown or Release vulnerability in ASR180x, ASR190x in router modules allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pbwork-queue.C. This issue affects Falcon_Linux, Kestrel, Lapwing_Linux: before v1536.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-49482

Publication date:
01/07/2025
Improper Resource Shutdown or Release vulnerability in ASR180x, ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr098.c. This issue affects Falcon_Linux, Kestrel, Lapwing_Linux: before v1536.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-49483

Publication date:
01/07/2025
Improper Resource Shutdown or Release vulnerability in ASR180x, ASR190x in tr069 modules allows Resource Leak Exposure. This vulnerability is associated with program files tr069/tr069_uci.c. This issue affects Falcon_Linux, Kestrel, Lapwing_Linux: before v1536.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-5314

Publication date:
01/07/2025
The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via the ‘pdf-source’ parameter in all versions up to, and including, 2.3.65 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-49480

Publication date:
01/07/2025
Out-of-bounds access in ASR180x, ASR190x in lte-telephony. This vulnerability is associated with program files apps/lzma/src/LzmaEnc.c. This issue affects Falcon_Linux, Kestrel, Lapwing_Linux: before v1536.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-49491

Publication date:
01/07/2025
Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux, Kestrel, Lapwing_Linux on Linux (traffic_stat modules) allows Resource Leak Exposure. This vulnerability is associated with program files traffic_stat/traffic_service/traffic_service.C. This issue affects Falcon_Linux, Kestrel, Lapwing_Linux: before v1536.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-49492

Publication date:
01/07/2025
Out-of-bounds write in ASR180x in lte-telephony, which may cause a buffer underrun. This vulnerability is associated with program files apps/atcmd_server/src/dev_api.C. This issue affects Falcon_Linux, Kestrel, Lapwing_Linux: before v1536.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-6224

Publication date:
01/07/2025
Certificate generation in juju/utils using the cert.NewLeaf function could include private information. If this certificate were then transferred over the network in plaintext, an attacker listening on that network could sniff the certificate and trivially extract the private key from it.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-49488

Publication date:
01/07/2025
Improper Resource Shutdown or Release vulnerability in ASR180x, ASR190x in router components allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pb.c. This issue affects Falcon_Linux, Kestrel, Lapwing_Linux: before v1536.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-6756

Publication date:
01/07/2025
The Ultra Addons for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's UACF7_CUSTOM_FIELDS shortcode in all versions up to, and including, 3.5.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025