Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-2330
Publication date:
02/07/2025
The All-in-One Addons for Elementor – WidgetKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button+modal' widget in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2025

CVE-2025-4946
Publication date:
02/07/2025
The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikinger_delete_activity_media_ajax() function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Note: Requires Vikinger Media plugin to be installed and active.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-27023
Publication date:
02/07/2025
Lack or insufficent input validation in WebGUI CLI web in Infinera G42 <br /> version R6.1.3 allows remote authenticated users to read all OS files <br /> via crafted CLI commands.<br /> <br /> <br /> Details: The web interface based management of the Infinera G42 appliance enables the feature of<br /> executing a restricted set of commands. This feature <br /> also offers the option to execute a script-file already present on the target<br /> device. When a non-script or incorrect file is specified, the content <br /> of the file is shown along with an error message. Due to an execution of the http service with a privileged user all files on the file system can be viewed this way.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-27024
Publication date:
02/07/2025
Unrestricted access to OS file system in SFTP service in Infinera G42 <br /> version R6.1.3 allows remote authenticated users to read/write OS files <br /> via SFTP connections.<br /> <br /> <br /> Details: Account members of the Network Administrator profile can access the <br /> target machine via SFTP with the same credentials used for SSH CLI <br /> access and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-27025
Publication date:
02/07/2025
The target device exposes a service on a specific TCP port with a configured<br /> endpoint. The access to that endpoint is granted using a Basic Authentication<br /> method. The endpoint accepts also the PUT method and it is possible to <br /> write files on the target device file system. Files are written as root.<br /> Using Postman it is possible to perform a Directory Traversal attack <br /> and write files into any location of the device file system. Similarly to the PUT method, it is possible to leverage the <br /> same mechanism to read any file from the file system by using the GET <br /> method.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-24335
Publication date:
02/07/2025
Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service.<br /> <br /> No practical exploit has been detected for this flaw. However, the issue has been corrected starting from release 24R1-SR 2.1 MP by adding sufficient input validation for received SOAP requests, effectively mitigating the reported issue.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-27021
Publication date:
02/07/2025
The misconfiguration in the sudoers configuration of the operating system in<br /> Infinera G42 version R6.1.3 allows low privileged OS users to <br /> read/write physical memory via devmem command line tool. <br /> This could <br /> allow sensitive information disclosure, denial of service, and privilege <br /> escalation by tampering with kernel memory.<br /> <br /> <br /> Details: The output of "sudo -l" reports the presence of "devmem" command <br /> executable as super user without using a password. This command allows <br /> to read and write an arbitrary memory area of the target device, <br /> specifying an absolute address.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-27022
Publication date:
02/07/2025
A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 <br /> allows remote authenticated users to download all OS files via HTTP <br /> requests.<br /> <br /> <br /> Details: <br /> <br /> Lack or insufficient validation of user-supplied input allows <br /> authenticated users to access all files on the target machine file <br /> system that are readable to the user account used to run the httpd <br /> service.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-24329
Publication date:
02/07/2025
Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later.<br /> <br /> Beginning with release 24R1-SR 1.0 MP, the OAM service software utilizes libarchive APIs with security options enabled, effectively mitigating the reported path traversal issue.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-24330
Publication date:
02/07/2025
Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later.<br /> <br /> Beginning with release 24R1-SR 1.0 MP, the OAM service software performed PlanId field input validations mitigate the reported path traversal issue.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-24331
Publication date:
02/07/2025
The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later.<br /> <br /> Beginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025

CVE-2025-24332
Publication date:
02/07/2025
Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-authenticate the user when they connect from the baseband system board to the baseband capacity boards using the internal bsoc SSH service, which is available only internally within the baseband and through the internal backplane between the boards. The bsoc SSH allows login from one board to another via the baseband internal backplane using an SSH private key present on the baseband system board.<br /> <br /> This bsoc SSH capability was previously considered an administrative functionality but has now been restricted to be available only to baseband root-privileged administrators. This restriction mitigates the possibility of misuse with lower-level privileges (e.g., from baseband software images). This mitigation is included starting from release 23R4-SR 3.0 MP and later
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2025
Subscribe to Vulnerabilities