Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we make available a database, in Spanish, that includes the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, since entries are added while the INCIBE team is still translating them. The CVE (Common Vulnerabilities and Exposures) standard for naming information security vulnerabilities is used so that information can be exchanged between different tools and databases.

Every vulnerability collected is linked to its information sources and to the patches or fixes available from manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

RSS feeds and newsletters give daily notice of the latest vulnerabilities added to the repository. Below is a list, updated daily, of the most recently added vulnerabilities.

CVE-2026-34524

Publication date:
02/04/2026
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in chat endpoints allows an authenticated attacker to read and delete arbitrary files under their user data root (for example secrets.json and settings.json) by supplying avatar_url="..". This issue has been patched in version 1.17.0.
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2026
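The SillyTavern entry above describes the classic shape of a path traversal bug: a user-supplied name (avatar_url) is joined onto a per-user directory without checking where the resulting path ends up, so ".." walks out of the chats directory into the rest of the user's data root. The following is an added example, written here in Ruby and not SillyTavern's own code, of the containment check that closes that hole; the /srv/app/data/<user>/chats layout and the function names are assumptions for illustration.

```ruby
# Added example, not SillyTavern's code: resolve a user-controlled file name
# such as avatar_url against a fixed per-user directory and refuse anything
# that lands outside it. USER_DATA_ROOT and the chats/ layout are assumptions.
USER_DATA_ROOT = File.expand_path("/srv/app/data/alice")
CHATS_DIR      = File.join(USER_DATA_ROOT, "chats")

# Returns the absolute path inside CHATS_DIR for +name+, or nil if +name+
# would escape it. File.expand_path collapses "." and ".." lexically, so a
# prefix check on the result rejects "..", "../secrets.json", "x/../../y"
# and absolute paths alike.
def safe_chat_path(name)
  return nil if name.nil? || name.empty?
  return nil if name.include?("\0")     # NUL would truncate the path in C-level APIs
  return nil if name.start_with?("~")   # expand_path treats "~user" as a home directory
  candidate = File.expand_path(name, CHATS_DIR)
  # Require the separator after the prefix so "chats-other" is not accepted as
  # being under "chats", and so "." (which resolves to CHATS_DIR itself) fails.
  return nil unless candidate.start_with?(CHATS_DIR + File::SEPARATOR)
  candidate
end

# Vulnerable shape for comparison: join without any containment check.
# File.join(CHATS_DIR, "..") names the user data root once the kernel resolves it.
def unsafe_chat_path(name)
  File.join(CHATS_DIR, name)
end

# Every read or delete goes through the validated path; an invalid name is an
# error, never a file somewhere else.
def delete_chat(name)
  path = safe_chat_path(name) or raise ArgumentError, "invalid chat name #{name.inspect}"
  File.delete(path) if File.file?(path)
  path
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: the first two are legitimate, the rest are traversal attempts.
  ["alice.jsonl", "sub/../alice.jsonl", "..", "../secrets.json", "/etc/passwd", "~/x"].each do |n|
    puts "#{n.inspect} -> #{safe_chat_path(n).inspect}"
  end
end
```

The check is lexical: File.expand_path does not follow symlinks, so if users can create symlinks inside their own directory, resolve the candidate with File.realpath (after confirming it exists) and repeat the prefix check on the result.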

CVE-2026-34121

Publication date:
02/04/2026
An authentication bypass vulnerability within the HTTP handling of the DS configuration service in TP-Link Tapo C520WS v2.6 was identified, due to inconsistent parsing and authorization logic in JSON requests during the authentication check. An unauthenticated attacker can append an authentication-exempt action to a request containing privileged DS do actions, bypassing authorization checks.

Successful exploitation allows unauthenticated execution of restricted configuration actions, which may result in unauthorized modification of device state.
Severity CVSS v4.0: HIGH
Last modification:
06/04/2026

CVE-2026-34120

Publication date:
02/04/2026
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs. An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries. Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device's process to crash or become unresponsive.
Severity CVSS v4.0: HIGH
Last modification:
06/04/2026

CVE-2026-34119

Publication date:
02/04/2026
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write-boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input. An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries. Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device's process to crash or become unresponsive.
Severity CVSS v4.0: HIGH
Last modification:
06/04/2026

CVE-2026-34118

Publication date:
02/04/2026
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation (insufficient boundary validation when handling externally supplied HTTP input). An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries. Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device's process to crash or become unresponsive.
Severity CVSS v4.0: HIGH
Last modification:
06/04/2026

CVE-2026-33271

Publication date:
02/04/2026
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2026

CVE-2026-28728

Publication date:
02/04/2026
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2026

CVE-2026-32762

Publication date:
02/04/2026
Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwarded_values parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons, a header can be interpreted by Rack as multiple Forwarded directives rather than as a single quoted for value. In deployments where an upstream proxy, WAF, or intermediary validates or preserves quoted Forwarded values differently, this discrepancy can allow an attacker to smuggle host, proto, for, or by parameters through a single header value. This issue has been patched in versions 3.1.21 and 3.2.6.
Severity CVSS v4.0: Pending analysis
Last modification:
21/04/2026

CVE-2026-27774

Publication date:
02/04/2026
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2026

CVE-2026-26962

Publication date:
02/04/2026
Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename or name instead of removing the folded line break during unfolding. As a result, applications that later reuse those parsed values in HTTP response headers may be vulnerable to downstream header injection or response splitting. This issue has been patched in version 3.2.6.
Severity CVSS v4.0: Pending analysis
Last modification:
21/04/2026
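Both Rack entries above (CVE-2026-32762 and CVE-2026-26962) come down to doing parsing steps in the wrong order: splitting the Forwarded header on ";" before honouring quoted-strings, and splitting multipart headers into lines before unfolding obs-fold continuations. The following added example, written here and not taken from Rack, shows the order that avoids both: one quoted-string-aware pair scanner shared by a Forwarded parser and a Content-Disposition parser, and an unfold step that runs before any line splitting. Function names and the sample headers are this example's own.

```ruby
require "strscan"

# Added example, not Rack's code. RFC 7230 token and quoted-string syntax.
TOKEN  = /[!$#%&'*+\-.^_`|~0-9A-Za-z]+/
QUOTED = /"(?:[^"\\]|\\.)*"/

# Scan name=value pairs separated by +sep+ from scanner +s+. A quoted-string
# value is consumed as one unit, so a ';' inside quotes can never split a pair.
def scan_pairs(s, sep)
  pairs = {}
  loop do
    s.skip(/[ \t]*/)
    break unless (name = s.scan(TOKEN))
    raise ArgumentError, "expected '=' after #{name}" unless s.skip(/=/)
    value = if (q = s.scan(QUOTED))
              q[1..-2].gsub(/\\(.)/, '\1')     # drop the quotes, resolve quoted-pairs
            else
              s.scan(TOKEN) or raise ArgumentError, "bad value for #{name}"
            end
    key = name.downcase
    # A repeated parameter inside one element is malformed; fail closed rather
    # than keep whichever copy an upstream proxy might not have kept.
    raise ArgumentError, "repeated parameter #{key}" if pairs.key?(key)
    pairs[key] = value
    s.skip(/[ \t]*/)
    break unless s.skip(sep)
  end
  pairs
end

# RFC 7239 Forwarded: elements separated by ',', pairs within an element by ';'.
# Returns one Hash per element.
def parse_forwarded(header)
  s = StringScanner.new(header)
  elements = []
  loop do
    elements << scan_pairs(s, /;/)
    s.skip(/[ \t]*/)
    break if s.eos?
    raise ArgumentError, "unexpected #{s.rest.inspect}" unless s.skip(/,/)
  end
  elements
end

# The wrong order, for comparison: split on ';' first, deal with quotes later.
# A quoted value containing ';' turns into extra, attacker-chosen pairs.
def naive_forwarded(header)
  header.split(";").map do |p|
    k, v = p.split("=", 2)
    [k.strip.downcase, v.to_s.strip.delete('"')]
  end
end

# RFC 7230 obs-fold is CRLF followed by SP/HTAB. Replace each with one SP
# before splitting into lines, so no line break can survive inside a value.
def unfold(raw_headers)
  raw_headers.gsub(/\r?\n[ \t]+/, " ")
end

def parse_part_headers(raw_headers)
  unfold(raw_headers).split(/\r?\n/).each_with_object({}) do |line, h|
    next if line.strip.empty?
    name, value = line.split(":", 2)
    h[name.strip.downcase] = value.to_s.strip
  end
end

# Content-Disposition: <type>; name="..."; filename="..."
def disposition_params(value)
  s = StringScanner.new(value)
  s.skip(/[ \t]*/)
  s.scan(TOKEN) or raise ArgumentError, "missing disposition type"
  s.skip(/[ \t]*/)
  return {} unless s.skip(/;/)
  scan_pairs(s, /;/)
end

if __FILE__ == $PROGRAM_NAME
  fwd = 'for="_gazonk;host=evil.example";proto=https'   # constructed sample
  p parse_forwarded(fwd)   # [{"for"=>"_gazonk;host=evil.example", "proto"=>"https"}]
  p naive_forwarded(fwd)   # a spurious "host" pair appears
  raw = "Content-Disposition: form-data; name=\"upload\";\r\n filename=\"a\r\n\tb.txt\"\r\n" \
        "Content-Type: text/plain\r\n"                   # constructed sample with two obs-folds
  p disposition_params(parse_part_headers(raw)["content-disposition"])   # {"name"=>"upload", "filename"=>"a b.txt"}
end
```

Unfolding replaces each obs-fold with a single space, so a filename folded across a line keeps a space where the CRLF was; the point is that no CR or LF can reach a value that is later echoed into a response header. The same ordering rule applies to any other header whose values may be quoted (Cookie attributes, Content-Type parameters): tokenize with quoted-strings first, then split.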

CVE-2026-5353

Publication date:
02/04/2026
A vulnerability was detected in Trendnet TEW-657BRM 1.00.1. Affected is the function ping_test of the file /setup.cgi. Performing a manipulation of the argument c4_IPAddr results in os command injection. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Severity CVSS v4.0: LOW
Last modification:
29/04/2026

CVE-2026-5354

Publication date:
02/04/2026
A flaw has been found in Trendnet TEW-657BRM 1.00.1. Affected by this vulnerability is the function vpn_connect of the file /setup.cgi. Executing a manipulation of the argument policy_name can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer.
Severity CVSS v4.0: LOW
Last modification:
29/04/2026