Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-40311
Publication date:
13/04/2026
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2026

CVE-2026-22563
Publication date:
13/04/2026
A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network.<br /> <br /> Affected Products:<br /> UniFi Play PowerAmp (Version 1.0.35 and earlier)
<br /> UniFi Play Audio Port  (Version 1.0.24 and earlier)
 <br /> <br /> Mitigation:<br /> Update UniFi Play PowerAmp to Version 1.0.38 or later
<br /> Update UniFi Play Audio Port  to Version 1.1.9 or later
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2026

CVE-2026-22564
Publication date:
13/04/2026
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.
 <br /> <br /> Affected Products:<br /> UniFi Play PowerAmp (Version 1.0.35 and earlier)
<br /> UniFi Play Audio Port  (Version 1.0.24 and earlier)
 <br /> <br /> Mitigation:<br /> Update UniFi Play PowerAmp to Version 1.0.38 or later
<br /> Update UniFi Play Audio Port  to Version 1.1.9 or later
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2026

CVE-2026-22565
Publication date:
13/04/2026
An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding.
 <br /> <br /> Affected Products:<br /> UniFi Play PowerAmp (Version 1.0.35 and earlier)
<br /> UniFi Play Audio Port  (Version 1.0.24 and earlier)
 <br /> <br /> Mitigation:<br /> Update UniFi Play PowerAmp to Version 1.0.38 or later
<br /> Update UniFi Play Audio Port  to Version 1.1.9 or later
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2026

CVE-2026-22566
Publication date:
13/04/2026
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials.
 <br /> <br /> Affected Products:<br /> UniFi Play PowerAmp (Version 1.0.35 and earlier)
<br /> UniFi Play Audio Port  (Version 1.0.24 and earlier)
 <br /> <br /> Mitigation:<br /> Update UniFi Play PowerAmp to Version 1.0.38 or later
<br /> Update UniFi Play Audio Port  to Version 1.1.9 or later
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2026

CVE-2026-33902
Publication date:
13/04/2026
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick&amp;#39;s FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2026

CVE-2026-33905
Publication date:
13/04/2026
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an specific offset is set through the `sample:offset` define that could lead to an out of bounds read. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2026

CVE-2026-33908
Publication date:
13/04/2026
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyXMLTree()` function; however, this process is executed recursively with no depth limit imposed. When Magick processes an XML file with deeply nested structures, it will exhaust the stack memory, resulting in a Denial of Service (DoS) attack. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2026

CVE-2026-22562
Publication date:
13/04/2026
A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code execution (RCE).<br /> <br /> Affected Products:<br /> UniFi Play PowerAmp (Version 1.0.35 and earlier)
UniFi Play Audio Port  (Version 1.0.24 and earlier)
 <br /> Mitigation:<br /> Update UniFi Play PowerAmp to Version 1.0.38 or later
Update UniFi Play Audio Port  to Version 1.1.9 or later
Severity CVSS v4.0: Pending analysis
Last modification:
13/04/2026

CVE-2026-6216
Publication date:
13/04/2026
A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such manipulation of the argument applicationIcon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 7.1.5 mitigates this issue. It is advisable to upgrade the affected component.
Severity CVSS v4.0: MEDIUM
Last modification:
13/04/2026

CVE-2026-6218
Publication date:
13/04/2026
A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this disclosure.
Severity CVSS v4.0: MEDIUM
Last modification:
13/04/2026

CVE-2026-6219
Publication date:
13/04/2026
A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
Severity CVSS v4.0: MEDIUM
Last modification:
13/04/2026
Subscribe to Vulnerabilities