Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, of all the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2026-4777

Publication date:
24/03/2026
A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in SQL injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Severity CVSS v4.0: MEDIUM
Last modification:
24/03/2026

CVE-2026-3889

Publication date:
24/03/2026
Spoofing issue in Thunderbird. This vulnerability affects Thunderbird
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-3912

Publication date:
24/03/2026
Injection vulnerabilities due to validation/sanitisation of user-supplied input in ActiveMatrix BusinessWorks and Enterprise Administrator allow information disclosure, including exposure of accessible local files and host system details, and may allow manipulation of application behaviour.
Severity CVSS v4.0: HIGH
Last modification:
24/03/2026

CVE-2026-4371

Publication date:
24/03/2026
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser to malfunction, potentially crashing Thunderbird or leaking sensitive data. This vulnerability affects Thunderbird
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-4433

Publication date:
24/03/2026
An SSH misconfiguration exists in Tenable OT that led to the potential exfiltration of socket, port, and service information via the ostunnel user and GatewayPorts. This could be used to potentially glean information about the underlying system and give an attacker information that could be used to attempt to compromise the host.
Severity CVSS v4.0: MEDIUM
Last modification:
24/03/2026

CVE-2026-24159

Publication date:
24/03/2026
NVIDIA NeMo Framework contains a vulnerability where an attacker may cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-33215

Publication date:
24/03/2026
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can be hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issue. No known workarounds are available.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-24141

Publication date:
24/03/2026
NVIDIA Model Optimizer for Windows and Linux contains a vulnerability in the ONNX quantization feature, where a user could cause unsafe deserialization by providing a specially crafted input file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-24150

Publication date:
24/03/2026
NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-24151

Publication date:
24/03/2026
NVIDIA Megatron-LM contains a vulnerability in inferencing where an attacker may cause an RCE by convincing a user to load a maliciously crafted input. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-24152

Publication date:
24/03/2026
NVIDIA Megatron-LM contains a vulnerability in checkpoint loading where an attacker may cause an RCE by convincing a user to load a maliciously crafted file. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-24157

Publication date:
24/03/2026
NVIDIA NeMo Framework contains a vulnerability in checkpoint loading where an attacker could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure and data tampering.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026