Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-12198

Publication date:

27/10/2025

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent expected and intentional behavior within dnsmasq&#39;s documented design, rather than security vulnerabilities.

Severity CVSS v4.0: HIGH

Last modification:

03/11/2025

CVE-2025-6601

Publication date:

27/10/2025

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.3, and 18.5 before 18.5.1 that under certain conditions could have allowed authenticated users to gain unauthorized project access by exploiting the access request approval workflow.

Severity CVSS v4.0: Pending analysis

Last modification:

28/10/2025

CVE-2025-11447

Publication date:

27/10/2025

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending GraphQL requests with crafted JSON payloads.

Severity CVSS v4.0: Pending analysis

Last modification:

27/10/2025

CVE-2025-11989

Publication date:

27/10/2025

GitLab has remediated an issue in GitLab EE affecting all versions from 17.6.0 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to execute unauthorized quick actions by including malicious commands in specific descriptions.

Severity CVSS v4.0: Pending analysis

Last modification:

28/10/2025

CVE-2025-11974

Publication date:

27/10/2025

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.7 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to create a denial of service condition by uploading large files to specific API endpoints.

Severity CVSS v4.0: Pending analysis

Last modification:

28/10/2025

CVE-2025-11971

Publication date:

27/10/2025

GitLab has remediated an issue in GitLab EE affecting all versions from 10.6 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an authenticated attacker to trigger unauthorized pipeline executions by manipulating commits.

Severity CVSS v4.0: Pending analysis

Last modification:

28/10/2025

CVE-2025-10497

Publication date:

27/10/2025

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.3.5, 18.4 before 18.4.3, and 18.5 before 18.5.1 that could have allowed an unauthenticated attacker to cause a denial of service condition by sending specially crafted payloads.

Severity CVSS v4.0: Pending analysis

Last modification:

27/10/2025

CVE-2025-12285

Publication date:

26/10/2025

Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Severity CVSS v4.0: CRITICAL

Last modification:

10/11/2025

CVE-2025-12284

Publication date:

26/10/2025

Lack of Input Validation in the web UI might lead to potential exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Severity CVSS v4.0: MEDIUM

Last modification:

10/11/2025

CVE-2025-12278

Publication date:

26/10/2025

Logout Functionality not Working.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Severity CVSS v4.0: MEDIUM

Last modification:

10/11/2025

CVE-2025-12275

Publication date:

26/10/2025

Mail Configuration File Manipulation + Command Execution.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.

Severity CVSS v4.0: CRITICAL

Last modification:

07/11/2025

CVE-2025-8709

Publication date:

26/10/2025

A SQL injection vulnerability exists in the langchain-ai/langchain repository, specifically in the LangGraph&#39;s SQLite store implementation. The affected version is langgraph-checkpoint-sqlite 2.0.10. The vulnerability arises from improper handling of filter operators ($eq, $ne, $gt, $lt, $gte, $lte) where direct string concatenation is used without proper parameterization. This allows attackers to inject arbitrary SQL, leading to unauthorized access to all documents, data exfiltration of sensitive fields such as passwords and API keys, and a complete bypass of application-level security filters.

Severity CVSS v4.0: Pending analysis

Last modification:

15/04/2026

Subscribe to Vulnerabilities