Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2026-7273

Publication date:
16/06/2026
A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw and potentially execute OS commands via a crafted HTTP request.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-42014

Publication date:
16/06/2026
A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-1765

Publication date:
16/06/2026
A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denial of Service (DoS) where the application crashes. It may also potentially expose sensitive information from the system's memory.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-1766

Publication date:
16/06/2026
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment) tags. An attacker could exploit this by providing a malicious MP3 file, leading to a denial of service (DoS), which causes an application crash, and potentially disclosing sensitive information from the heap memory.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-1767

Publication date:
16/06/2026
A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length calculation during the parsing of performer tags can lead to a read beyond the allocated buffer, potentially causing a Denial of Service (DoS) due to a crash or enabling information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-1764

Publication date:
16/06/2026
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the `extract_performers_tags` function can lead to a heap buffer overflow. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by triggering a read of unmapped memory. In some cases, it could also lead to information disclosure by reading visible heap data.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-12162

Publication date:
16/06/2026
Improper host validation in the social login autofill feature in Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to disclose stored social login credentials via a crafted web entry pointing to a provider lookalike domain.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-12161

Publication date:
16/06/2026
Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alternate username and user interaction with the Elevate Shell action.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-9262

Publication date:
16/06/2026
Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Severity CVSS v4.0: HIGH
Last modification:
16/06/2026

CVE-2026-9258

Publication date:
16/06/2026
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Severity CVSS v4.0: HIGH
Last modification:
16/06/2026

CVE-2026-9259

Publication date:
16/06/2026
Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Severity CVSS v4.0: HIGH
Last modification:
16/06/2026

CVE-2026-9260

Publication date:
16/06/2026
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Severity CVSS v4.0: MEDIUM
Last modification:
16/06/2026