Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-3038
Publication date:
09/03/2026
The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it&amp;#39;s possible for a malicious userspace program to craft a request which triggers a 127-byte overflow.<br /> <br /> In practice, this overflow immediately overwrites the canary for the rtsock_msg_buffer() stack frame, resulting in a panic once the function returns.<br /> <br /> The bug allows an unprivileged user to crash the kernel by triggering a stack buffer overflow in rtsock_msg_buffer(). In particular, the overflow will corrupt a stack canary value that is verified when the function returns; this mitigates the impact of the stack overflow by triggering a kernel panic.<br /> <br /> Other kernel bugs may exist which allow userspace to find the canary value and thus defeat the mitigation, at which point local privilege escalation may be possible.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2026

CVE-2026-21736
Publication date:
09/03/2026
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory.<br /> <br /> This is caused by improper handling of the memory protections for the user-mode wrapped memory resource.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2026

CVE-2026-3818
Publication date:
09/03/2026
A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: MEDIUM
Last modification:
09/03/2026

CVE-2025-14558
Publication date:
09/03/2026
The rtsol(8) and rtsold(8) programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf(8) unmodified.<br /> <br /> resolvconf(8) is a shell script which does not validate its input. A lack of quoting meant that shell commands pass as input to resolvconf(8) may be executed.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2026

CVE-2025-14769
Publication date:
09/03/2026
In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference.<br /> <br /> Maliciously crafted packets sent from a remote host may result in a Denial of Service (DoS) if the `tcp-setmss` directive is used and a subsequent rule would allow the traffic to pass.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2026

CVE-2026-3817
Publication date:
09/03/2026
A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. This issue affects some unknown processing of the file /patient-search.php. The manipulation results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
09/03/2026

CVE-2025-15547
Publication date:
09/03/2026
By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks.<br /> <br /> If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel&amp;#39;s path lookup logic allows that user to escape the jail&amp;#39;s chroot, yielding access to the full filesystem of the host or parent jail.<br /> <br /> In a jail configured to allow nullfs(4) mounts from within the jail, the jailed root user can escape the jail&amp;#39;s filesystem root.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2026

CVE-2025-15576
Publication date:
09/03/2026
If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one.<br /> <br /> In this case, cooperating processes in the two jails may establish a connection using a unix domain socket and exchange directory descriptors with each other.<br /> <br /> When performing a filesystem name lookup, at each step of the lookup, the kernel checks whether the lookup would descend below the jail root of the current process. If the jail root directory is not encountered, the lookup continues.<br /> <br /> In a configuration where processes in two different jails are able to exchange file descriptors using a unix domain socket, it is possible for a jailed process to receive a directory for a descriptor that is below that process&amp;#39; jail root. This enables full filesystem access for a jailed process, breaking the chroot.<br /> <br /> Note that the system administrator is still responsible for ensuring that an unprivileged user on the jail host is not able to pass directory descriptors to a jailed process, even in a patched kernel.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2026

CVE-2026-25604
Publication date:
09/03/2026
In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. <br /> This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances.<br /> <br /> You should upgrade to 9.22.0 version of provider if you use AWS Auth Manager.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2026

CVE-2026-3815
Publication date:
09/03/2026
A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Severity CVSS v4.0: HIGH
Last modification:
09/03/2026

CVE-2026-3816
Publication date:
09/03/2026
A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.56.0 is able to resolve this issue. The identifier of the patch is e8f1e5131535b8fd80a7b1b3085d676295fdcd41. Upgrading the affected component is recommended.
Severity CVSS v4.0: MEDIUM
Last modification:
09/03/2026

CVE-2025-69219
Publication date:
09/03/2026
A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low.<br /> <br /> You should upgrade to version 6.0.0 of the provider to avoid even that risk.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2026
Subscribe to Vulnerabilities