Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-1262
Publication date:
25/03/2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information disclosure vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026

CVE-2026-1561
Publication date:
25/03/2026
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is vulnerable to server-side request forgery (SSRF). This may allow remote attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026

CVE-2025-36422
Publication date:
25/03/2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 IBM InfoSphere DataStage Flow Designer is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026

CVE-2025-36438
Publication date:
25/03/2026
IBM Concert 1.0.0 through 2.2.0 could allow a privileged user to perform unauthorized actions due to improper restriction of channel communication to intended endpoints.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026

CVE-2025-36440
Publication date:
25/03/2026
IBM Concert 1.0.0 through 2.2.0 could allow a local user to obtain sensitive information due to missing function level access control.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026

CVE-2025-64646
Publication date:
25/03/2026
IBM Concert 1.0.0 through 2.2.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026

CVE-2025-64647
Publication date:
25/03/2026
IBM Concert 1.0.0 through 2.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026

CVE-2025-64648
Publication date:
25/03/2026
IBM Concert 1.0.0 through 2.2.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026

CVE-2025-14912
Publication date:
25/03/2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026

CVE-2025-14915
Publication date:
25/03/2026
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty is affected by privilege escalation. A privileged user could gain additional access to the application server.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026

CVE-2025-14917
Publication date:
25/03/2026
IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expected security when administering security settings.
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026

CVE-2025-14974
Publication date:
25/03/2026
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable due to Insecure Direct Object Reference (IDOR).
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2026
Subscribe to Vulnerabilities