Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-43884
Publication date:
10/09/2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-43885
Publication date:
10/09/2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-43886
Publication date:
10/09/2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) a Path Traversal: '.../...//' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-43887
Publication date:
10/09/2025
Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-43888
Publication date:
10/09/2025
Dell PowerProtect Data Manager, Hyper-V, version(s) 19.19 and 19.20, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-20248
Publication date:
10/09/2025
A vulnerability in the installation process of Cisco IOS XR Software could allow an authenticated, local attacker to bypass Cisco IOS XR Software image signature verification and load unsigned software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges on the affected device.<br /> <br /> This vulnerability is due to incomplete validation of files during the installation of an .iso file. An attacker could exploit this vulnerability by modifying contents of the .iso image and then installing and activating it on the device. A successful exploit could allow the attacker to load an unsigned file as part of the image activation process.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-20340
Publication date:
10/09/2025
A vulnerability in the Address Resolution Protocol (ARP) implementation of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to trigger a broadcast storm, leading to a denial of service (DoS) condition on an affected device.&amp;nbsp;<br /> <br /> This vulnerability is due to how Cisco IOS XR Software processes a high, sustained rate of ARP traffic hitting the management interface. Under certain conditions, an attacker could exploit this vulnerability by sending an excessive amount of traffic to the management interface of an affected device, overwhelming its ARP processing capabilities. A successful exploit could result in degraded device performance, loss of management connectivity, and complete unresponsiveness of the system, leading to a DoS condition.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-29592
Publication date:
10/09/2025
oasys v1.1 is vulnerable to Directory Traversal in ProcedureController.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-43725
Publication date:
10/09/2025
Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-20159
Publication date:
10/09/2025
A vulnerability in the management interface access control list (ACL) processing feature in Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass configured ACLs for the SSH, NetConf, and gRPC features.<br /> <br /> This vulnerability exists because management interface ACLs have not been supported on Cisco IOS XR Software Packet I/O infrastructure platforms for Linux-handled features such as SSH, NetConf, or gRPC. An attacker could exploit this vulnerability by attempting to send traffic to an affected device. A successful exploit could allow the attacker to bypass an ingress ACL that is applied on the management interface of the affected device.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-56466
Publication date:
10/09/2025
Hardcoded credentials in Dietly v1.25.0 for android allows attackers to gain sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-56578
Publication date:
10/09/2025
An issue in RTSPtoWeb v.2.4.3 allows a remote attacker to obtain sensitive information and executearbitrary code via the lack of authentication mechanisms
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025
Subscribe to Vulnerabilities