Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-23306
Publication date:
13/08/2025
NVIDIA Megatron-LM for all platforms contains a vulnerability in the megatron/training/<br /> arguments.py component where an attacker could cause a code injection issue by providing a malicious input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2025

CVE-2025-2498
Publication date:
13/08/2025
An improper access control in Gitlab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions.
Severity CVSS v4.0: Pending analysis
Last modification:
15/08/2025

CVE-2025-2614
Publication date:
13/08/2025
An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an authenticated user to cause a denial of service condition by creating specially crafted content that consumes excessive server resources when processed.
Severity CVSS v4.0: Pending analysis
Last modification:
15/08/2025

CVE-2025-23294
Publication date:
13/08/2025
NVIDIA WebDataset for all platforms contains a vulnerability where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
14/08/2025

CVE-2025-23295
Publication date:
13/08/2025
NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
22/10/2025

CVE-2025-23296
Publication date:
13/08/2025
NVIDIA Isaac-GR00T for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
14/08/2025

CVE-2025-23298
Publication date:
13/08/2025
NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability in a python dependency, where an attacker could cause a code injection issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
14/08/2025

CVE-2025-23303
Publication date:
13/08/2025
NVIDIA NeMo Framework for all platforms contains a vulnerability where a user could cause a deserialization of untrusted data by remote code execution. A successful exploit of this vulnerability might lead to code execution and data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2025

CVE-2025-23304
Publication date:
13/08/2025
NVIDIA NeMo library for all platforms contains a vulnerability in the model loading component, where an attacker could cause code injection by loading .nemo files with maliciously crafted metadata. A successful exploit of this vulnerability may lead to remote code execution and data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2025

CVE-2024-12303
Publication date:
13/08/2025
An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that under certain conditions could have allowed authenticated users with specific roles and permissions to delete issues including confidential ones by inviting users with a specific role.
Severity CVSS v4.0: Pending analysis
Last modification:
15/08/2025

CVE-2024-5477
Publication date:
13/08/2025
A potential security vulnerability has been identified in the System BIOS for some HP PC products which may allow escalation of privilege, arbitrary code execution, denial of service, or information disclosure via a physical attack that requires specialized equipment and knowledge. HP is releasing firmware mitigation for the potential vulnerability.
Severity CVSS v4.0: HIGH
Last modification:
14/08/2025

CVE-2025-1477
Publication date:
13/08/2025
An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoints.
Severity CVSS v4.0: Pending analysis
Last modification:
15/08/2025
Subscribe to Vulnerabilities