Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-1698
Publication date:
11/06/2025
Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.
Severity CVSS v4.0: LOW
Last modification:
12/06/2025

CVE-2025-1699
Publication date:
11/06/2025
An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.
Severity CVSS v4.0: LOW
Last modification:
12/06/2025

CVE-2025-26383
Publication date:
11/06/2025
The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.
Severity CVSS v4.0: MEDIUM
Last modification:
12/06/2025

CVE-2025-49148
Publication date:
11/06/2025
ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2025

CVE-2025-49146
Publication date:
11/06/2025
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2025

CVE-2025-48446
Publication date:
11/06/2025
Incorrect Authorization vulnerability in Drupal Commerce Alphabank Redirect allows Functionality Misuse.This issue affects Commerce Alphabank Redirect: from 0.0.0 before 1.0.3.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2025

CVE-2025-48445
Publication date:
11/06/2025
Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse.This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2025

CVE-2025-48448
Publication date:
11/06/2025
Allocation of Resources Without Limits or Throttling vulnerability in Drupal Admin Audit Trail allows Excessive Allocation.This issue affects Admin Audit Trail: from 0.0.0 before 1.0.5.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2025-48447
Publication date:
11/06/2025
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Lightgallery allows Cross-Site Scripting (XSS).This issue affects Lightgallery: from 0.0.0 before 1.6.0.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2025-48444
Publication date:
11/06/2025
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2025-48013
Publication date:
11/06/2025
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing.This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2025-0163
Publication date:
11/06/2025
IBM Security Verify Access Appliance and Docker 10.0 through 10.0.8 could allow a remote attacker to enumerate usernames due to an observable response discrepancy of disabled accounts.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2025
Subscribe to Vulnerabilities