Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-2845
Publication date:
09/04/2025
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
09/04/2025

CVE-2025-32386
Publication date:
09/04/2025
Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3.
Severity CVSS v4.0: Pending analysis
Last modification:
03/09/2025

CVE-2025-32387
Publication date:
09/04/2025
Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3.
Severity CVSS v4.0: Pending analysis
Last modification:
03/09/2025

CVE-2025-24375
Publication date:
09/04/2025
Charmed MySQL K8s operator is a Charmed Operator for running MySQL on Kubernetes. Before revision 221, the method for calling a SQL DDL or python based mysql-shell scripts can leak database users credentials. The method mysql-operator calls mysql-shell application rely on writing to a temporary script file containing the full URI, with user and password. The file can be read by a unprivileged user during the operator runtime, due it being created with read permissions (0x644). On other cases, when calling mysql cli, for one specific case when creating the operator users, the DDL contains said users credentials, which can be leak through the same mechanism of a temporary file. All versions prior to revision 221 for kubernetes and revision 338 for machine operators.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-29018
Publication date:
09/04/2025
A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2025

CVE-2025-30659
Publication date:
09/04/2025
An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).<br /> <br /> When a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart.<br /> This issue affects Junos OS on SRX Series:<br /> <br /> <br /> <br /> * All 21.4 versions,<br /> * 22.2 versions before 22.2R3-S6,<br /> * 22.4 versions before 22.4R3-S6,<br /> * 23.2 versions before 23.2R2-S3,<br /> * 23.4 versions before 23.4R2-S4,<br /> * 24.2 versions before 24.2R2.<br /> <br /> <br /> <br /> <br /> This issue does not affect versions before 21.4.
Severity CVSS v4.0: HIGH
Last modification:
23/01/2026

CVE-2025-30660
Publication date:
09/04/2025
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop. <br /> <br /> <br /> <br /> When this issue occurs the following logs can be observed:<br /> <br /> MQSS(0): LI-3: Received a parcel with more than 512B accompanying data <br /> CHASSISD_FPC_ASIC_ERROR: ASIC Error detected <br /> <br /> <br /> This issue affects Junos OS:<br /> <br /> * all versions before 21.2R3-S9,<br /> * 21.4 versions before 21.4R3-S8,<br /> * 22.2 versions before 22.2R3-S4,<br /> * 22.4 versions before 22.4R3-S5,<br /> * 23.2 versions before 23.2R2-S2,<br /> * 23.4 versions before 23.4R2.
Severity CVSS v4.0: HIGH
Last modification:
23/01/2026

CVE-2025-30653
Publication date:
09/04/2025
An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-class, and an LSP flaps, rpd crashes and restarts. Continuous flapping of LSP can cause a sustained Denial of Service (DoS) condition.<br /> <br /> This issue affects:<br /> <br /> Junos OS:<br /> <br /> <br /> <br /> * All versions before 22.2R3-S4,<br /> <br /> * 22.4 versions before 22.4R3-S2,<br /> <br /> * 23.2 versions before 23.2R2,<br /> <br /> * 23.4 versions before 23.4R2.<br /> <br /> <br /> <br /> <br /> <br /> Junos OS Evolved:<br /> <br /> <br /> <br /> * All versions before 22.2R3-S4-EVO,<br /> <br /> * 22.4-EVO versions before 22.4R3-S2-EVO,<br /> <br /> * 23.2-EVO versions before 23.2R2-EVO,<br /> <br /> * 23.4-EVO versions before 23.4R2-EVO.
Severity CVSS v4.0: MEDIUM
Last modification:
23/01/2026

CVE-2025-30654
Publication date:
09/04/2025
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information. <br /> <br /> Through the execution of a specific show mgd command, a user with limited permissions (e.g., a low-privileged login class user) can access sensitive information such as hashed passwords, that can be used to further impact the system.<br /> <br /> <br /> This issue affects Junos OS:  * All versions before 21.4R3-S10,<br /> * from 22.2 before 22.2R3-S5,<br /> * from 22.4 before 22.4R3-S5, <br /> * from 23.2 before 23.2R2-S3, <br /> * from 23.4 before 23.4R2-S3.<br /> <br /> <br /> <br /> <br /> <br /> Junos OS Evolved: <br /> <br /> * All versions before 21.4R3-S10-EVO,<br /> * from 22.2-EVO before 22.2R3-S6-EVO, <br /> * from 22.4-EVO before 22.4R3-S5-EVO, <br /> * from 23.2-EVO before 23.2R2-S3-EVO, <br /> * from 23.4-EVO before 23.4R2-S3-EVO.
Severity CVSS v4.0: MEDIUM
Last modification:
23/01/2026

CVE-2025-30655
Publication date:
09/04/2025
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS).<br /> <br /> When a specific "show bgp neighbor" CLI command is run, the rpd cpu utilization rises and eventually causes a crash and restart. Repeated use of this command will cause a sustained DoS condition. <br /> <br /> The device is only affected if BGP RIB sharding and update-threading is enabled.<br /> This issue affects Junos OS: <br /> <br /> <br /> <br /> * All versions before 21.2R3-S9, <br /> * from 21.4 before 21.4R3-S8,<br /> * from 22.2 before 22.2R3-S6, <br /> * from 22.4 before 22.4R3-S2, <br /> * from 23.2 before 23.2R2-S3, <br /> * from 23.4 before 23.4R2.<br /> <br /> <br /> and Junos OS Evolved: <br /> <br /> <br /> <br /> * All versions before 21.2R3-S9-EVO, <br /> * from 21.4-EVO before 21.4R3-S8-EVO, <br /> * from 22.2-EVO before 22.2R3-S6-EVO, <br /> * from 22.4-EVO before 22.4R3-S2-EVO, <br /> * from 23.2-EVO before 23.2R2-S3-EVO, <br /> * from 23.4-EVO before 23.4R2-EVO.
Severity CVSS v4.0: MEDIUM
Last modification:
23/01/2026

CVE-2025-30656
Publication date:
09/04/2025
An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).<br /> <br /> If the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, subsequent SIP invites will cause the crash again and lead to a sustained DoS.<br /> <br /> <br /> <br /> <br /> This issue affects Junos OS on MX Series and SRX Series: <br /> <br /> * all versions before 21.2R3-S9,<br /> * 21.4 versions before 21.4R3-S10,<br /> * 22.2 versions before 22.2R3-S6,<br /> * 22.4 versions before 22.4R3-S5,<br /> * 23.2 versions before 23.2R2-S3,<br /> * 23.4 versions before 23.4R2-S3,<br /> * 24.2 versions before 24.2R1-S2, 24.2R2.
Severity CVSS v4.0: HIGH
Last modification:
23/01/2026

CVE-2025-30657
Publication date:
09/04/2025
An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).<br /> <br /> When a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it&amp;#39;s sent to SRRD it&amp;#39;s encoded incorrectly which leads to a crash and momentary interruption of jflow processing until it automatically restarts. This issue does not affect traffic forwarding itself.<br /> This issue affects Junos OS: <br /> <br /> <br /> <br /> * All versions before 21.2R3-S9,<br /> * 21.4 versions before 21.4R3-S10,<br /> * 22.2 versions before 22.2R3-S6,<br /> * 22.4 versions before 22.4R3,<br /> * 23.2 versions before 23.2R1-S2, 23.2R2.<br /> <br /> <br /> <br /> This issue does not affected Junos OS Evolved.
Severity CVSS v4.0: MEDIUM
Last modification:
23/01/2026
Subscribe to Vulnerabilities