Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-46080
Publication date:
29/05/2025
HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2025

CVE-2025-37999
Publication date:
29/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()<br /> <br /> If bio_add_folio() fails (because it is full),<br /> erofs_fileio_scan_folio() needs to submit the I/O request via<br /> erofs_fileio_rq_submit() and allocate a new I/O request with an empty<br /> `struct bio`. Then it retries the bio_add_folio() call.<br /> <br /> However, at this point, erofs_onlinefolio_split() has already been<br /> called which increments `folio-&gt;private`; the retry will call<br /> erofs_onlinefolio_split() again, but there will never be a matching<br /> erofs_onlinefolio_end() call. This leaves the folio locked forever<br /> and all waiters will be stuck in folio_wait_bit_common().<br /> <br /> This bug has been added by commit ce63cb62d794 ("erofs: support<br /> unencoded inodes for fileio"), but was practically unreachable because<br /> there was room for 256 folios in the `struct bio` - until commit<br /> 9f74ae8c9ac9 ("erofs: shorten bvecs[] for file-backed mounts") which<br /> reduced the array capacity to 16 folios.<br /> <br /> It was now trivial to trigger the bug by manually invoking readahead<br /> from userspace, e.g.:<br /> <br /> posix_fadvise(fd, 0, st.st_size, POSIX_FADV_WILLNEED);<br /> <br /> This should be fixed by invoking erofs_onlinefolio_split() only after<br /> bio_add_folio() has succeeded. This is safe: asynchronous completions<br /> invoking erofs_onlinefolio_end() will not unlock the folio because<br /> erofs_fileio_scan_folio() is still holding a reference to be released<br /> by erofs_onlinefolio_end() at the end.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2025

CVE-2025-37996
Publication date:
29/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()<br /> <br /> Commit fce886a60207 ("KVM: arm64: Plumb the pKVM MMU in KVM") made the<br /> initialization of the local memcache variable in user_mem_abort()<br /> conditional, leaving a codepath where it is used uninitialized via<br /> kvm_pgtable_stage2_map().<br /> <br /> This can fail on any path that requires a stage-2 allocation<br /> without transition via a permission fault or dirty logging.<br /> <br /> Fix this by making sure that memcache is always valid.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2025

CVE-2025-37995
Publication date:
29/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> module: ensure that kobject_put() is safe for module type kobjects<br /> <br /> In &amp;#39;lookup_or_create_module_kobject()&amp;#39;, an internal kobject is created<br /> using &amp;#39;module_ktype&amp;#39;. So call to &amp;#39;kobject_put()&amp;#39; on error handling<br /> path causes an attempt to use an uninitialized completion pointer in<br /> &amp;#39;module_kobject_release()&amp;#39;. In this scenario, we just want to release<br /> kobject without an extra synchronization required for a regular module<br /> unloading process, so adding an extra check whether &amp;#39;complete()&amp;#39; is<br /> actually required makes &amp;#39;kobject_put()&amp;#39; safe.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2025

CVE-2025-37997
Publication date:
29/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: ipset: fix region locking in hash types<br /> <br /> Region locking introduced in v5.6-rc4 contained three macros to handle<br /> the region locks: ahash_bucket_start(), ahash_bucket_end() which gave<br /> back the start and end hash bucket values belonging to a given region<br /> lock and ahash_region() which should give back the region lock belonging<br /> to a given hash bucket. The latter was incorrect which can lead to a<br /> race condition between the garbage collector and adding new elements<br /> when a hash type of set is defined with timeouts.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2025

CVE-2025-37998
Publication date:
29/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> openvswitch: Fix unsafe attribute parsing in output_userspace()<br /> <br /> This patch replaces the manual Netlink attribute iteration in<br /> output_userspace() with nla_for_each_nested(), which ensures that only<br /> well-formed attributes are processed.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2025

CVE-2025-37993
Publication date:
29/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe<br /> <br /> The spin lock tx_handling_spinlock in struct m_can_classdev is not<br /> being initialized. This leads the following spinlock bad magic<br /> complaint from the kernel, eg. when trying to send CAN frames with<br /> cansend from can-utils:<br /> <br /> | BUG: spinlock bad magic on CPU#0, cansend/95<br /> | lock: 0xff60000002ec1010, .magic: 00000000, .owner: /-1, .owner_cpu: 0<br /> | CPU: 0 UID: 0 PID: 95 Comm: cansend Not tainted 6.15.0-rc3-00032-ga79be02bba5c #5 NONE<br /> | Hardware name: MachineWare SIM-V (DT)<br /> | Call Trace:<br /> | [] dump_backtrace+0x1c/0x24<br /> | [] show_stack+0x28/0x34<br /> | [] dump_stack_lvl+0x4a/0x68<br /> | [] dump_stack+0x14/0x1c<br /> | [] spin_dump+0x62/0x6e<br /> | [] do_raw_spin_lock+0xd0/0x142<br /> | [] _raw_spin_lock_irqsave+0x20/0x2c<br /> | [] m_can_start_xmit+0x90/0x34a<br /> | [] dev_hard_start_xmit+0xa6/0xee<br /> | [] sch_direct_xmit+0x114/0x292<br /> | [] __dev_queue_xmit+0x3b0/0xaa8<br /> | [] can_send+0xc6/0x242<br /> | [] raw_sendmsg+0x1a8/0x36c<br /> | [] sock_write_iter+0x9a/0xee<br /> | [] vfs_write+0x184/0x3a6<br /> | [] ksys_write+0xa0/0xc0<br /> | [] __riscv_sys_write+0x14/0x1c<br /> | [] do_trap_ecall_u+0x168/0x212<br /> | [] handle_exception+0x146/0x152<br /> <br /> Initializing the spin lock in m_can_class_allocate_dev solves that<br /> problem.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2025

CVE-2025-33043
Publication date:
29/05/2025
APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-37994
Publication date:
29/05/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: typec: ucsi: displayport: Fix NULL pointer access<br /> <br /> This patch ensures that the UCSI driver waits for all pending tasks in the<br /> ucsi_displayport_work workqueue to finish executing before proceeding with<br /> the partner removal.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2025

CVE-2025-48046
Publication date:
29/05/2025
An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.
Severity CVSS v4.0: MEDIUM
Last modification:
15/04/2026

CVE-2025-48047
Publication date:
29/05/2025
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint.
Severity CVSS v4.0: CRITICAL
Last modification:
15/04/2026

CVE-2025-48045
Publication date:
29/05/2025
An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials.
Severity CVSS v4.0: HIGH
Last modification:
15/04/2026
Subscribe to Vulnerabilities