Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-49082

Publication date:
31/07/2025
CVE-2025-49082 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read other settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, there is no impact to system availability or integrity.
Severity CVSS v4.0: MEDIUM
Last modification:
05/08/2025

CVE-2025-49083

Publication date:
31/07/2025
CVE-2025-49083 is a vulnerability in the management console of Absolute Secure Access after version 12.00 and prior to version 13.56. Attackers with administrative access to the console can cause unsafe content to be deserialized and executed in the security context of the console. The attack complexity is low and there are no attack requirements. Privileges required are high and there is no user interaction required. The impact to confidentiality is low, impact to integrity is high and there is no impact to availability. The impact to the confidentiality and integrity of subsequent systems is low and there is no subsequent system impact to availability.
Severity CVSS v4.0: HIGH
Last modification:
05/08/2025

CVE-2025-7356

Publication date:
30/07/2025
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
30/07/2025

CVE-2025-8336

Publication date:
30/07/2025
A vulnerability classified as critical was found in Campcodes Online Recruitment Management System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=save_user. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
06/08/2025

CVE-2025-8337

Publication date:
30/07/2025
A vulnerability, which was classified as problematic, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_vehicles.php. The manipulation of the argument car_name leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
05/08/2025

CVE-2024-11478

Publication date:
30/07/2025
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
30/07/2025

CVE-2025-54586

Publication date:
30/07/2025
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can inject extra commits into the pack sent to GitHub, commits that aren’t pointed to by any branch. Although these “hidden” commits never show up in the repository’s visible history, GitHub still serves them at their direct commit URLs. This lets an attacker exfiltrate sensitive data without ever leaving a trace in the branch view. We rate this a High‑impact vulnerability because it completely compromises repository confidentiality. This is fixed in version 1.19.2.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2025

CVE-2025-8334

Publication date:
30/07/2025
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ajax.php?action=delete_recruitment_status. The manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
06/08/2025

CVE-2025-8335

Publication date:
30/07/2025
A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
05/08/2025

CVE-2025-54585

Publication date:
30/07/2025
GitProxy is an application that stands between developers and a Git remote endpoint. In versions 1.19.1 and below, attackers can exploit the way GitProxy handles new branch creation to bypass the approval of prior commits on the parent branch. The vulnerability impacts all users or organizations relying on GitProxy to enforce policy and prevent unapproved changes. It requires no elevated privileges beyond regular push access, and no extra user interaction. It does, however, require a GitProxy administrator or designated user (canUserApproveRejectPush) to approve pushes to the child branch. This is fixed in version 1.19.2.
Severity CVSS v4.0: HIGH
Last modification:
01/08/2025

CVE-2025-8332

Publication date:
30/07/2025
A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /register.php. The manipulation of the argument Username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
05/08/2025

CVE-2025-8333

Publication date:
30/07/2025
A vulnerability was found in code-projects Online Farm System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /categoryvalue.php. The manipulation of the argument Value leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
05/08/2025