Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-53711

Publication date: 29/07/2025
A vulnerability has been found in TP-Link TL-WR841N v11, TL-WR842ND v2 and TL-WR494N v3. The vulnerability exists in the /userRpm/WlanNetworkRpm.htm file due to missing input parameter validation, which may lead to a buffer overflow that crashes the web service and results in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.
Severity CVSS v4.0: MEDIUM
Last modification: 19/03/2026

CVE-2025-53712

Publication date: 29/07/2025
A vulnerability has been found in TP-Link TL-WR841N V11. The vulnerability exists in the /userRpm/WlanNetworkRpm_AP.htm file due to missing input parameter validation, which may lead to a buffer overflow that crashes the web service and results in a denial-of-service (DoS) condition. The attack may be launched remotely. This vulnerability only affects products that are no longer supported by the maintainer.
Severity CVSS v4.0: MEDIUM
Last modification: 01/08/2025

CVE-2025-52284

Publication date: 29/07/2025
Totolink X6000R V9.4.0cu.1360_B20241207 was found to contain a command injection vulnerability in the sub_4184C0 function via the tz parameter. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.
Severity CVSS v4.0: Pending analysis
Last modification: 15/09/2025

CVE-2025-36010

Publication date: 29/07/2025
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.
Severity CVSS v4.0: Pending analysis
Last modification: 06/08/2025

CVE-2025-2179

Publication date: 29/07/2025
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on Linux devices enables a locally authenticated non-administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, macOS, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
Severity CVSS v4.0: MEDIUM
Last modification: 15/04/2026

CVE-2025-2533

Publication date: 29/07/2025
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Severity CVSS v4.0: Pending analysis
Last modification: 06/08/2025

CVE-2025-2928

Publication date: 29/07/2025
SQL Injection affecting the Archiver role.
Severity CVSS v4.0: Pending analysis
Last modification: 15/04/2026

CVE-2025-27514

Publication date: 29/07/2025
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In versions 9.5.0 through 10.0.18, a technician can use a malicious payload to trigger a stored XSS on the project's kanban. This is fixed in version 10.0.19.
Severity CVSS v4.0: Pending analysis
Last modification: 04/08/2025

CVE-2025-31965

Publication date: 29/07/2025
Improper access restrictions in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0248 and lower) allow non-admin users to view unauthorized information on certain web pages.
Severity CVSS v4.0: Pending analysis
Last modification: 15/04/2026

CVE-2025-54420

Publication date: 29/07/2025
Rejected reason: This CVE is a duplicate of CVE-2025-8129.
Severity CVSS v4.0: Pending analysis
Last modification: 29/07/2025

CVE-2025-54432

Publication date: 29/07/2025
Rejected reason: This CVE is a duplicate of another CVE. See CVE-2018-25031 and CVE-2021-46708.
Severity CVSS v4.0: Pending analysis
Last modification: 29/07/2025

CVE-2025-5922

Publication date: 29/07/2025
Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC" option is enabled) and requires a PIN code. In versions below v18.40.6.17 the PIN's hash is stored in a system registry accessible to regular users, making it possible to perform a brute-force attack using rainbow tables, since the hash is not salted. LTS (Long-Term Support) versions also received patches in v17.2025.6.27 and v16.2025.6.27 releases.
Severity CVSS v4.0: MEDIUM
Last modification: 15/04/2026