Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-4739

Publication date:

24/03/2026

Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (‎Modules/ThirdParty/Expat/src/expat modules).This issue affects ITK: before 2.7.1.

Severity CVSS v4.0: CRITICAL

Last modification:

24/03/2026

CVE-2026-4741

Publication date:

24/03/2026

Improper Limitation of a Pathname to a Restricted Directory (&#39;Path Traversal&#39;) vulnerability in TeamJCD JoyConDroid (app/src/main/java/com/rdapps/gamepad/util modules). This vulnerability is associated with program files UnzipUtil.Java‎. This issue affects JoyConDroid: through 1.0.93.

Severity CVSS v4.0: HIGH

Last modification:

24/03/2026

CVE-2026-4737

Publication date:

24/03/2026

Use After Free vulnerability in No-Chicken Echo-Mate (‎SDK/rv1106-sdk/sysdrv/source/kernel/mm modules). This vulnerability is associated with program files rmap.C‎. This issue affects Echo-Mate: before V250329.

Severity CVSS v4.0: HIGH

Last modification:

24/03/2026

CVE-2026-4735

Publication date:

24/03/2026

Deserialization of Untrusted Data vulnerability in DTStack chunjun (‎chunjun-core/src/main/java/com/dtstack/chunjun/util modules). This vulnerability is associated with program files GsonUtil.Java. This issue affects chunjun: before 1.16.1.

Severity CVSS v4.0: HIGH

Last modification:

24/03/2026

CVE-2026-4736

Publication date:

24/03/2026

Improper Handling of Values vulnerability in No-Chicken Echo-Mate (SDK/rv1106-sdk/sysdrv/source/kernel/include/net/netfilter modules). This vulnerability is associated with program files nf_tables.H‎, nft_byteorder.C‎, nft_meta.C‎. This issue affects Echo-Mate: before V250329.

Severity CVSS v4.0: HIGH

Last modification:

24/03/2026

CVE-2026-4626

Publication date:

24/03/2026

A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyer_booking.php. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity CVSS v4.0: MEDIUM

Last modification:

08/04/2026

CVE-2026-4731

Publication date:

24/03/2026

Integer Overflow or Wraparound vulnerability in artraweditor ART (‎rtengine‎ modules). This vulnerability is associated with program files dcraw.C. This issue affects ART: before 1.25.12.

Severity CVSS v4.0: HIGH

Last modification:

24/03/2026

CVE-2026-4732

Publication date:

24/03/2026

Out-of-bounds Read vulnerability in tildearrow furnace (‎extern/libsndfile-modified/src modules). This vulnerability is associated with program files flac.C‎. This issue affects furnace: before 0.7.

Severity CVSS v4.0: HIGH

Last modification:

24/03/2026

CVE-2026-4733

Publication date:

24/03/2026

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.

Severity CVSS v4.0: Pending analysis

Last modification:

24/03/2026

CVE-2026-4734

Publication date:

24/03/2026

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules). This vulnerability is associated with program files imap.C‎. This issue affects modizer: before v4.3.

Severity CVSS v4.0: CRITICAL

Last modification:

24/03/2026

CVE-2026-4625

Publication date:

24/03/2026

A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.

Severity CVSS v4.0: MEDIUM

Last modification:

24/03/2026

CVE-2026-4623

Publication date:

24/03/2026

A security vulnerability has been detected in DefaultFuction Jeson-Customer-Relationship-Management-System up to 1b4679c4d06b90d31dd521c2b000bfdec5a36e00. This affects an unknown function of the file /api/System.php of the component API Module. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The identifier of the patch is f76e7123fe093b8675f88ec8f71725b0dd186310/98bd4eb07fa19d4f2c5228de6395580013c97476. It is suggested to install a patch to address this issue.

Severity CVSS v4.0: MEDIUM

Last modification:

24/03/2026

Subscribe to Vulnerabilities