Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-30171

Publication date:
22/05/2025
System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: HIGH
Last modification:
23/05/2025

CVE-2024-13931

Publication date:
22/05/2025
Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: HIGH
Last modification:
23/05/2025

CVE-2024-9639

Publication date:
22/05/2025
Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: HIGH
Last modification:
23/05/2025

CVE-2025-2409

Publication date:
22/05/2025
File corruption vulnerabilities in ASPECT provide attackers access to overwrite system files if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: HIGH
Last modification:
23/05/2025

CVE-2024-52874

Publication date:
22/05/2025
In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
23/05/2025

CVE-2024-13928

Publication date:
22/05/2025
SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: HIGH
Last modification:
23/05/2025

CVE-2024-13929

Publication date:
22/05/2025
Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: HIGH
Last modification:
23/05/2025

CVE-2024-13930

Publication date:
22/05/2025
An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: MEDIUM
Last modification:
23/05/2025

CVE-2025-48061

Publication date:
22/05/2025
wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user who logged out of the Wire webapp could have been automatically logged in again after re-opening the application. This does not happen when the user is logged in as a temporary user by selecting "This is a public computer" during login or the user selects "Delete all your personal information and conversations on this device" upon logout. The underlying issue has been fixed with wire-webapp version 2025-05-20-production.0. As a workaround, this behavior can be prevented by either deleting all information upon logout or logging in as a temporary client.
Severity CVSS v4.0: Pending analysis
Last modification:
23/05/2025

CVE-2025-43596

Publication date:
22/05/2025
An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low-privileged user to execute commands with SYSTEM-level privileges using a specially crafted file with an arbitrary file backup target. Upgrade to MSP360 Backup 8.1.1.19 (released on 2025-05-15).
Severity CVSS v4.0: HIGH
Last modification:
23/05/2025

CVE-2025-46715

Publication date:
22/05/2025
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to write to. GetRegValue then writes the contents of the selected SBIE registry entry to this address. An attacker can pass in a kernel pointer and the driver dumps the requested registry key contents to it. This can be triggered by anyone on the system, including low-integrity Windows processes. Version 1.15.12 fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
23/05/2025

CVE-2025-46716

Publication date:
22/05/2025
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointer the user has passed in is safe to read from. SetRegValue then reads an arbitrary address, which can be a kernel pointer, into a HKLM Security SBIE registry value. This can later be retrieved by API_GET_SECURE_PARAM. Version 1.15.12 fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
23/05/2025