Vulnerabilities

With the aim of informing, warning and helping professionals about the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used with the aim of supporting the exchange of information between different tools and databases.

All vulnerabilities collected are linked to their information sources, as well as to any available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, for example vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2026-40991

Publication date:
10/06/2026
When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next executed.
Affected versions:
Spring REST Docs 4.0.0; 3.0.0 through 3.0.5; 2.0.0.RELEASE through 2.0.8.RELEASE.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-40993

Publication date:
10/06/2026
An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials (verification_credentials and encryption_credentials, respectively).
Affected versions:
Spring Security 7.0.0 through 7.0.5.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-41003

Publication date:
10/06/2026
An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters.
Affected versions:
Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-41008

Publication date:
10/06/2026
Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redirect_uri, which can lead to an Open Redirect vulnerability.
Affected versions:
Spring Security 7.0.0 through 7.0.5.
Spring Authorization Server 1.5.0 through 1.5.7.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-41694

Publication date:
10/06/2026
Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle.
Affected versions:
Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-41695

Publication date:
10/06/2026
Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution.
Affected versions:
Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-41696

Publication date:
10/06/2026
Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting.
Affected versions:
Spring Data MongoDB 5.0.0 through 5.0.5; 4.5.0 through 4.5.11; 4.4.0 through 4.4.14; 4.3.0 through 4.3.16; 4.2.0 through 4.2.15; 4.1.0 through 4.1.14; 4.0.0 through 4.0.15; 3.4.0 through 3.4.19.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-41697

Publication date:
10/06/2026
Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). An attacker can supply wildcard characters to perform boolean-based blind data inference.
Affected versions:
Spring Data Relational/JDBC/R2DBC 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.4.0 through 2.4.19.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-40988

Publication date:
10/06/2026
An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory.
Affected versions:
Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-9754

Publication date:
09/06/2026
An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command.
Severity CVSS v4.0: HIGH
Last modification:
09/06/2026

CVE-2026-9747

Publication date:
09/06/2026
Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash the MongoDB server.
Severity CVSS v4.0: HIGH
Last modification:
09/06/2026

CVE-2026-9748

Publication date:
09/06/2026
The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. PauseExecution is not, however, a general-purpose skip mechanism; it is a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines. When this stage is placed before $facet in a pipeline, TeeBuffer receives the unexpected PauseExecution from upstream and hits a hard invariant assertion, crashing mongod.
Severity CVSS v4.0: HIGH
Last modification:
09/06/2026