Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-25067

Publication date:
13/02/2025
mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.
Severity CVSS v4.0: CRITICAL
Last modification:
23/04/2025

CVE-2025-24861

Publication date:
13/02/2025
An attacker may inject commands via specially crafted POST requests.
Severity CVSS v4.0: HIGH
Last modification:
04/03/2025

CVE-2025-20615

Publication date:
13/02/2025
The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based commands over a UI-based terminal.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2025

CVE-2024-57378

Publication date:
13/02/2025
Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing user role, potentially leading to privilege escalation or unauthorized access to sensitive resources.
Severity CVSS v4.0: Pending analysis
Last modification:
17/03/2025

CVE-2025-22896

Publication date:
13/02/2025
mySCADA myPRO Manager stores credentials in cleartext, which could allow an attacker to obtain sensitive information.
Severity CVSS v4.0: CRITICAL
Last modification:
04/03/2025

CVE-2025-23411

Publication date:
13/02/2025
mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim into visiting an attacker-controlled website.
Severity CVSS v4.0: MEDIUM
Last modification:
04/03/2025

CVE-2025-1283

Publication date:
13/02/2025
The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements by directly navigating to the main page.
Severity CVSS v4.0: CRITICAL
Last modification:
10/04/2025

CVE-2023-34400

Publication date:
13/02/2025
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. When parsing a file, the service tries to define the header inside the file and convert it to a null-terminated string. If the character is missing, it will return a null pointer.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2025

CVE-2023-34399

Publication date:
13/02/2025
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archives according to the boost library. The version of the boost library contains an integer overflow vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2025

CVE-2023-34398

Publication date:
13/02/2025
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. Some values of this table are serialized archives according to the boost library. The boost library contains a null pointer dereference vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2025

CVE-2023-34397

Publication date:
13/02/2025
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. During parsing, a crash of the service can be triggered.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2025

CVE-2025-1127

Publication date:
13/02/2025
The vulnerability can be leveraged by an attacker to execute arbitrary code as an unprivileged user and/or modify the contents of any data on the filesystem.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025