Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

RSS feeds or newsletters provide daily information about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-59612

Publication date: 01/06/2026
Memory corruption in windows drivers while sending incorrect trusted application request
Severity CVSS v4.0: Pending analysis
Last modification: 01/06/2026

CVE-2025-59613

Publication date: 01/06/2026
Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.
Severity CVSS v4.0: Pending analysis
Last modification: 01/06/2026

CVE-2025-59614

Publication date: 01/06/2026
Memory Corruption when sending random number generator command with insufficient output buffer size.
Severity CVSS v4.0: Pending analysis
Last modification: 01/06/2026

CVE-2025-59601

Publication date: 01/06/2026
Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.
Severity CVSS v4.0: Pending analysis
Last modification: 01/06/2026

CVE-2025-59604

Publication date: 01/06/2026
Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.
Severity CVSS v4.0: Pending analysis
Last modification: 01/06/2026

CVE-2025-59605

Publication date: 01/06/2026
Memory Corruption when processing device identifier strings that exceed the expected maximum length.
Severity CVSS v4.0: Pending analysis
Last modification: 01/06/2026

CVE-2025-59606

Publication date: 01/06/2026
Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
Severity CVSS v4.0: Pending analysis
Last modification: 01/06/2026

CVE-2019-25718

Publication date: 01/06/2026
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the device to display incorrect or no information from the connected Delta Family patient monitor.
Severity CVSS v4.0: HIGH
Last modification: 01/06/2026

CVE-2026-40964

Publication date: 01/06/2026
Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token.

Affected versions:
- log-cache_release: all versions through v3.2.6 (inclusive); fixed in v3.2.7 or later
- CF Deployment: all versions through v55.?.0 (inclusive); fixed in v55.?.0 or later (bundles log-cache_release v3.2.7)

Severity CVSS v4.0: Pending analysis
Last modification: 01/06/2026

CVE-2026-40965

Publication date: 01/06/2026
Cloud Foundry UAA versions v76.12.0 through v78.12.0 are vulnerable to a private key exposure. The server contains a vulnerability where EC (Elliptic Curve) private keys are inadvertently exposed through the public /token_keys endpoint. This endpoint is designed to provide public key material for JWT token verification but incorrectly exposes private key components for EC keys. The vulnerability affects deployments using EC keys for JWT token signing. The vulnerability does not affect RSA key configurations, only deployments using EC keys for JWT signing.

Affected versions:
- uaa_release: v76.12.0 through v78.12.0 (inclusive); fixed in v78.13.0 or later
- CF Deployment: v30.0.0 through v56.0.0 (inclusive); fixed in v56.1.0 or later (bundles uaa_release v78.13.0)

Severity CVSS v4.0: CRITICAL
Last modification: 01/06/2026

CVE-2026-49491

Publication date: 01/06/2026
Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information including names, email addresses, and phone numbers from the database.
Severity CVSS v4.0: HIGH
Last modification: 01/06/2026

CVE-2026-28580

Publication date: 01/06/2026
In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity CVSS v4.0: Pending analysis
Last modification: 01/06/2026