Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-25235

Publication date:
11/08/2025
Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-54878

Publication date:
11/08/2025
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A heap buffer overflow vulnerability exists in NASA CryptoLib version 1.4.0 and prior in the IV setup logic for telecommand frames. The problem arises from missing bounds checks when copying the Initialization Vector (IV) into a freshly allocated buffer. An attacker can supply a crafted TC frame that causes the library to write one byte past the end of the heap buffer, leading to heap corruption and undefined behaviour. An attacker supplying a malformed telecommand frame can corrupt heap memory. This leads to undefined behaviour, which could manifest itself as a crash (denial of service) or more severe exploitation. This issue has been patched in version 1.4.0.
Severity CVSS v4.0: Pending analysis
Last modification:
27/08/2025

CVE-2025-40920

Publication date:
11/08/2025
Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.
* Data::UUID does not use a strong cryptographic source for generating UUIDs.
* Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.
* The nonces should be generated from a strong cryptographic source, as per RFC 7616.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-32640

Publication date:
11/08/2025
MASA CMS is an Enterprise Content Management platform based on open source technology. Versions prior to 7.4.5, 7.3.12, and 7.2.7 contain a SQL injection vulnerability in the `processAsyncObject` method that can result in remote code execution. Versions 7.4.5, 7.3.12, and 7.2.7 contain a fix for the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-54463

Publication date:
11/08/2025
Mattermost Confluence Plugin version
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2025

CVE-2025-54478

Publication date:
11/08/2025
Mattermost Confluence Plugin version
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2025

CVE-2025-54525

Publication date:
11/08/2025
Mattermost Confluence Plugin version
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2025

CVE-2025-8285

Publication date:
11/08/2025
Mattermost Confluence Plugin version
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2025

CVE-2025-7677

Publication date:
11/08/2025
A denial-of-service (DoS) attack is possible if access to the local network is provided to unauthorized users. This is due to a buffer copy issue that may lead to a software crash. This issue affects all versions of ASPECT.
Severity CVSS v4.0: HIGH
Last modification:
15/04/2026

CVE-2025-7679

Publication date:
11/08/2025
The ASPECT system allows users to bypass authentication. This issue affects all versions of ASPECT.
Severity CVSS v4.0: CRITICAL
Last modification:
15/04/2026

CVE-2025-53190

Publication date:
11/08/2025
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: HIGH
Last modification:
21/08/2025

CVE-2025-53191

Publication date:
11/08/2025
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: HIGH
Last modification:
21/08/2025