Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-58455
Publication date:
03/02/2026
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
Severity CVSS v4.0: HIGH
Last modification:
03/02/2026

CVE-2025-59482
Publication date:
03/02/2026
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
Severity CVSS v4.0: HIGH
Last modification:
03/02/2026

CVE-2025-59487
Publication date:
03/02/2026
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code. The vulnerability arises from improper validation of a packet field whose offset is used to determine the write location in memory. By crafting a packet with a manipulated field offset, an attacker can redirect writes to arbitrary memory locations.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
Severity CVSS v4.0: HIGH
Last modification:
03/02/2026

CVE-2025-61944
Publication date:
03/02/2026
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
Severity CVSS v4.0: HIGH
Last modification:
03/02/2026

CVE-2025-61983
Publication date:
03/02/2026
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing an excessive number of fields with zero‑length values.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
Severity CVSS v4.0: HIGH
Last modification:
03/02/2026

CVE-2025-62404
Publication date:
03/02/2026
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
Severity CVSS v4.0: HIGH
Last modification:
03/02/2026

CVE-2025-62405
Publication date:
03/02/2026
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code via a specially crafted network packet containing a field whose length exceeds the maximum expected value.This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
Severity CVSS v4.0: HIGH
Last modification:
03/02/2026

CVE-2025-52623
Publication date:
03/02/2026
HCL AION is affected by an Autocomplete HTML Attribute Not Disabled for Password Field vulnerability. This can allow autocomplete on password fields may lead to unintended storage or disclosure of sensitive credentials, potentially increasing the risk of unauthorized access. This issue affects AION: 2.0.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2026

CVE-2025-52628
Publication date:
03/02/2026
HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site request forgery and related security risks. This issue affects AION: 2.0.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2026

CVE-2025-52631
Publication date:
03/02/2026
HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2026

CVE-2025-52633
Publication date:
03/02/2026
HCL AION is affected by a Permanent Cookie Containing Sensitive Session Information vulnerability. It is storing sensitive session data in persistent cookies may increase the risk of unauthorized access if the cookies are intercepted or compromised. This issue affects AION: 2.0.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2026

CVE-2025-58077
Publication date:
03/02/2026
Heap-based Buffer Overflow vulnerability in TP-Link Archer AX53 v1.0 (tmpserver modules) allows authenticated adjacent attackers to cause a segmentation fault or potentially execute arbitrary code<br /> <br /> via a specially crafted set of network packets containing an excessive number of host entries<br /> <br /> This issue affects Archer AX53 v1.0: through 1.3.1 Build 20241120.
Severity CVSS v4.0: HIGH
Last modification:
03/02/2026
Subscribe to Vulnerabilities