Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-58241
Publication date:
24/09/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: hci_core: Disable works on hci_unregister_dev<br /> <br /> This make use of disable_work_* on hci_unregister_dev since the hci_dev is<br /> about to be freed new submissions are not disarable.
Severity CVSS v4.0: Pending analysis
Last modification:
14/01/2026

CVE-2025-58457
Publication date:
24/09/2025
Improper permission check in ZooKeeper AdminServer lets authorized clients to run snapshot and restore command with insufficient permissions.<br /> <br /> This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4.<br /> <br /> Users are recommended to upgrade to version 3.9.4, which fixes the issue.<br /> <br /> The issue can be mitigated by disabling both commands (via admin.snapshot.enabled and admin.restore.enabled), disabling the whole AdminServer interface (via admin.enableServer), or ensuring that the root ACL does not provide open permissions. (Note that ZooKeeper ACLs are not recursive, so this does not impact operations on child nodes besides notifications from recursive watches.)
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2025-41716
Publication date:
24/09/2025
The web application allows an unauthenticated remote attacker to learn information about existing user accounts with their corresponding role due to missing authentication for critical function.
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2025

CVE-2025-9031
Publication date:
24/09/2025
Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing.This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15.
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2025

CVE-2025-41715
Publication date:
24/09/2025
The database for the web application is exposed without authentication, allowing an unauthenticated remote attacker to gain unauthorized access and potentially compromise it.
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2025

CVE-2025-48459
Publication date:
24/09/2025
Deserialization of Untrusted Data vulnerability in Apache IoTDB.<br /> <br /> This issue affects Apache IoTDB: from 1.0.0 before 2.0.5.<br /> <br /> Users are recommended to upgrade to version 2.0.5, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2025-48392
Publication date:
24/09/2025
A vulnerability in Apache IoTDB.<br /> <br /> This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4.<br /> <br /> Users are recommended to upgrade to version 2.0.5, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2025-58317
Publication date:
24/09/2025
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2025

CVE-2025-58319
Publication date:
24/09/2025
Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2025

CVE-2025-59924
Publication date:
24/09/2025
Rejected reason: Not used
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2025

CVE-2025-59925
Publication date:
24/09/2025
Rejected reason: Not used
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2025

CVE-2025-59926
Publication date:
24/09/2025
Rejected reason: Not used
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2025
Subscribe to Vulnerabilities