Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-43027
Publication date:
30/10/2025
A critical severity vulnerability has been identified in the ALPR Manager role of Security Center that could allow attackers to gain administrative access to the Genetec Security Center system. The Genetec engineering team discovered this issue internally. There is currently no evidence that this vulnerability has been exploited in the wild.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2025-43940
Publication date:
30/10/2025
Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-43941
Publication date:
30/10/2025
Dell Unity, version(s) 5.5 and Prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary command with root privileges. This vulnerability only affects systems without a valid license install.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-50739
Publication date:
30/10/2025
iib0011 omni-tools v0.4.0 is vulnerable to remote code execution via unsafe JSON deserialization.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2025-50736
Publication date:
30/10/2025
An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2025

CVE-2025-43939
Publication date:
30/10/2025
Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution and Elevation of privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-63608
Publication date:
30/10/2025
A SQL injection vulnerability exists in CSZ-CMS
Severity CVSS v4.0: Pending analysis
Last modification:
22/12/2025

CVE-2025-10348
Publication date:
30/10/2025
URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without any form of authentication.<br /> <br /> This issue was fixed in version 1.1.24.
Severity CVSS v4.0: MEDIUM
Last modification:
30/10/2025

CVE-2025-10317
Publication date:
30/10/2025
Quick.Cart is vulnerable to Cross-Site Request Forgery in product creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious product with content defined by the attacker.<br /> This software does not implement any protection against this type of attack. All forms available in this software are potentially vulnerable.<br /> <br /> The vendor was notified early about this vulnerability, but didn&amp;#39;t respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.
Severity CVSS v4.0: MEDIUM
Last modification:
30/10/2025

CVE-2025-53880
Publication date:
30/10/2025
A Path Traversal vulnerability in the tftpsync/add and tftpsync/delete scripts allows a remote attacker on an adjacent network to write or delete files on the filesystem with the privileges of the unprivileged wwwrun user. Although the endpoint is unauthenticated, access is restricted to a list of allowed IP addresses.
Severity CVSS v4.0: HIGH
Last modification:
30/10/2025

CVE-2025-53883
Publication date:
30/10/2025
A Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability allows attackers to run arbitrary javascript via a reflected XSS issue in the search fields.This issue affects Container suse/manager/5.0/x86_64/server:latest: from ? before 5.0.28-150600.3.36.8; SUSE Manager Server LTS 4.3: from ? before 4.3.88-150400.3.113.5.
Severity CVSS v4.0: CRITICAL
Last modification:
30/10/2025

CVE-2025-39663
Publication date:
30/10/2025
Cross-Site Scripting (XSS) vulnerability in Checkmk&amp;#39;s distributed monitoring allows a compromised remote site to inject malicious HTML code into service outputs in the central site. Affecting Checkmk before 2.4.0p14, 2.3.0p39, 2.2.0 and 2.1.0 (eol).
Severity CVSS v4.0: HIGH
Last modification:
03/12/2025
Subscribe to Vulnerabilities