Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-47403
Publication date:
04/05/2026
Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2026

CVE-2025-47404
Publication date:
04/05/2026
Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2026

CVE-2025-47405
Publication date:
04/05/2026
Memory corruption when processing camera sensor input/output control codes with invalid output buffers.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2026

CVE-2025-47406
Publication date:
04/05/2026
Information Disclosure while processing IOCTL handler callbacks without verifying buffer size.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2026

CVE-2026-36365
Publication date:
04/05/2026
An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2026

CVE-2026-37458
Publication date:
04/05/2026
Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2026

CVE-2026-40563
Publication date:
04/05/2026
Description:<br /> Improper Control of Generation of Code (&amp;#39;Code Injection&amp;#39;) vulnerability in Apache Atlas<br /> Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. Attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data<br /> <br /> <br /> <br /> <br /> Affect Version:<br /> This issue affects Apache Atlas: from 0.8 through 2.4.0.<br /> <br /> <br /> <br /> For the affect version &gt;= 2.0, vulnerability is only when Atlas is deployed with below non-default configuration.<br /> <br /> <br /> atlas.dsl.executor.traversal=false<br /> <br /> <br /> <br /> Mitigation:<br /> Users are recommended to upgrade to version 2.5.0, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2026

CVE-2025-70071
Publication date:
04/05/2026
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXParser.cpp, ParseVectorDataArray()
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2026

CVE-2026-6500
Publication date:
04/05/2026
Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data.<br /> <br /> This issue affects OpenConcerto: 1.7.5.
Severity CVSS v4.0: MEDIUM
Last modification:
05/05/2026

CVE-2026-6501
Publication date:
04/05/2026
Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup.<br /> <br /> This issue affects jOpenDocument: 1.5.
Severity CVSS v4.0: MEDIUM
Last modification:
05/05/2026

CVE-2026-33523
Publication date:
04/05/2026
HTTP response splitting vulnerability in multiple Apache HTTP Server modules with untrusted or compromised backend servers.<br /> <br /> This issue affects Apache HTTP Server: from through 2.4.66.<br /> <br /> Users are recommended to upgrade to version 2.4.67, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
04/05/2026

CVE-2026-33007
Publication date:
04/05/2026
A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration.<br /> <br /> Users are recommended to upgrade to version 2.4.67, which fixes this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
04/05/2026
Subscribe to Vulnerabilities