Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-58975
Publication date:
09/09/2025
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings allows Cross Site Request Forgery. This issue affects Advanced Settings: from n/a through 3.1.1.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-58976
Publication date:
09/09/2025
Missing Authorization vulnerability in Equalize Digital Accessibility Checker by Equalize Digital allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accessibility Checker by Equalize Digital: from n/a through 1.31.0.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-58977
Publication date:
09/09/2025
Server-Side Request Forgery (SSRF) vulnerability in Rhys Wynne WP eBay Product Feeds allows Server Side Request Forgery. This issue affects WP eBay Product Feeds: from n/a through 3.4.8.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-58978
Publication date:
09/09/2025
Missing Authorization vulnerability in WP Swings PDF Generator for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDF Generator for WordPress: from n/a through 1.5.4.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-58979
Publication date:
09/09/2025
Missing Authorization vulnerability in BerqWP BerqWP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BerqWP: from n/a through 2.2.53.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-57087
Publication date:
09/09/2025
Tenda W30E V16.01.0.19 (5037) was discovered to contain a stack overflow in the countryCode parameter in the werlessAdvancedSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-57538
Publication date:
09/09/2025
A stored cross-site scripting (XSS) vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual Environment (PVE) 8.4 allows an authenticated user to inject malicious input. The input is stored and executed in the context of other users' browsers when they view the affected configuration page. This can lead to arbitrary JavaScript execution.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-57539
Publication date:
09/09/2025
A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter configuration in Proxmox Virtual Environment (PVE) 8.4 allows authenticated users to store malicious input. The payload is rendered unsafely in the Web UI and executed when viewed by other users, potentially leading to session hijacking or other attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-57540
Publication date:
09/09/2025
A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment (PVE) 8.4. Authenticated users can inject JavaScript code that is later executed in the browsers of users who view the configuration page, enabling client-side attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-58215
Publication date:
09/09/2025
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Ziston allows PHP Local File Inclusion. This issue affects Ziston: from n/a through n/a.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-57063
Publication date:
09/09/2025
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the portMappingIndex parameter in the formDelPortMapping function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025

CVE-2025-57064
Publication date:
09/09/2025
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the bindDhcpIndex parameter in the modifyDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity CVSS v4.0: Pending analysis
Last modification:
11/09/2025
Subscribe to Vulnerabilities