Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-20173

Publication date:

05/02/2025

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition.&nbsp; This vulnerability affects SNMP versions 1, 2c, and 3. To exploit this vulnerability through SNMP v2c or earlier, the attacker must know a valid read-write or read-only SNMP community string for the affected system. To exploit this vulnerability through SNMP v3, the attacker must have valid SNMP user credentials for the affected system.

Severity CVSS v4.0: Pending analysis

Last modification:

03/07/2025

CVE-2025-20174

Publication date:

05/02/2025

Severity CVSS v4.0: Pending analysis

Last modification:

03/07/2025

CVE-2025-20175

Publication date:

05/02/2025

Severity CVSS v4.0: Pending analysis

Last modification:

03/07/2025

CVE-2025-20176

Publication date:

05/02/2025

Severity CVSS v4.0: Pending analysis

Last modification:

03/07/2025

CVE-2025-20170

Publication date:

05/02/2025

Severity CVSS v4.0: Pending analysis

Last modification:

03/07/2025

CVE-2025-20171

Publication date:

05/02/2025

Severity CVSS v4.0: Pending analysis

Last modification:

03/07/2025

CVE-2025-20169

Publication date:

05/02/2025

Severity CVSS v4.0: Pending analysis

Last modification:

30/10/2025

CVE-2025-20124

Publication date:

05/02/2025

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software. An attacker could exploit this vulnerability by sending a crafted serialized Java object to an affected API. A successful exploit could allow the attacker to execute arbitrary commands on the device and elevate privileges. Note:&nbsp;To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.

Severity CVSS v4.0: Pending analysis

Last modification:

28/03/2025

CVE-2025-20125

Publication date:

05/02/2025

A vulnerability in an API of Cisco ISE could allow an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node. This vulnerability is due to a lack of authorization in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to attacker to obtain information, modify system configuration, and reload the device. Note:&nbsp;To successfully exploit this vulnerability, the attacker must have valid read-only administrative credentials. In a single-node deployment, new devices will not be able to authenticate during the reload time.

Severity CVSS v4.0: Pending analysis

Last modification:

28/03/2025

CVE-2024-42207

Publication date:

05/02/2025

HCL iAutomate is affected by a session fixation vulnerability. An attacker could hijack a victim&#39;s session ID from their authenticated session.

Severity CVSS v4.0: Pending analysis

Last modification:

10/10/2025

CVE-2024-39564

Publication date:

05/02/2025

This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS). This issue affects: Junos OS: * from 22.4 before 22.4R3-S4. Junos OS Evolved: * from 22.4 before 22.4R3-S4-EVO.

Severity CVSS v4.0: HIGH

Last modification:

26/01/2026

CVE-2025-0858

Publication date:

05/02/2025

A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure.

Severity CVSS v4.0: MEDIUM

Last modification:

27/03/2025

Subscribe to Vulnerabilities