Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-47315

Publication date:
19/05/2026
Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation.<br /> <br /> This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2026

CVE-2026-47314

Publication date:
19/05/2026
Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers.<br /> <br /> This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2026

CVE-2026-47313

Publication date:
19/05/2026
Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation.<br /> <br /> This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2026

CVE-2026-47312

Publication date:
19/05/2026
Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation.<br /> <br /> This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2026

CVE-2026-8813

Publication date:
19/05/2026
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing, ExifReader repeatedly processes the same record and appends entries to an array without sufficient bounds validation, causing excessive memory growth. In applications that parse attacker-supplied images, this may lead to denial of service through memory exhaustion.
Severity CVSS v4.0: HIGH
Last modification:
19/05/2026

CVE-2026-8814

Publication date:
19/05/2026
Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containing a highly compressed zTXt chunk can cause ExifReader to materialize a disproportionately large Comment value in memory.
Severity CVSS v4.0: MEDIUM
Last modification:
19/05/2026

CVE-2026-47311

Publication date:
19/05/2026
Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.<br /> <br /> This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2026

CVE-2026-8830

Publication date:
19/05/2026
A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction() fails to validate that the newly created credential&amp;#39;s parameters, such as public key algorithms, match the realm&amp;#39;s configured WebAuthn policies. This could lead to the creation of credentials that do not adhere to administrative security requirements, potentially weakening the overall security posture of the system by allowing non-compliant authentication methods.
Severity CVSS v4.0: Pending analysis
Last modification:
26/06/2026

CVE-2025-15609

Publication date:
19/05/2026
The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis&amp;#39; API and retrieve sensitive customer information, like past orders, PII, etc.
Severity CVSS v4.0: Pending analysis
Last modification:
19/05/2026

CVE-2026-47310

Publication date:
19/05/2026
Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.<br /> <br /> This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2026

CVE-2026-47309

Publication date:
19/05/2026
Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads.<br /> <br /> This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2026

CVE-2026-47308

Publication date:
19/05/2026
NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation.<br /> <br /> This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2026