Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2026-0271

Publication date:
10/06/2026
A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.
Severity CVSS v4.0: MEDIUM
Last modification:
11/06/2026

CVE-2026-0272

Publication date:
10/06/2026
A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with root privileges. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not impacted by this vulnerability.
Severity CVSS v4.0: MEDIUM
Last modification:
11/06/2026

CVE-2026-0273

Publication date:
10/06/2026
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of administrators and by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Severity CVSS v4.0: MEDIUM
Last modification:
11/06/2026

CVE-2026-0267

Publication date:
10/06/2026
An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the GlobalProtect app configuration would not normally permit them to do so.
Severity CVSS v4.0: MEDIUM
Last modification:
11/06/2026

CVE-2026-0268

Publication date:
10/06/2026
A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS.
Severity CVSS v4.0: MEDIUM
Last modification:
11/06/2026

CVE-2026-0269

Publication date:
10/06/2026
A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate a reboot cause the firewall to enter maintenance mode. Panorama, Cloud NGFW, and Prisma® Access are not impacted by this vulnerability.
Severity CVSS v4.0: MEDIUM
Last modification:
11/06/2026

CVE-2026-0270

Publication date:
10/06/2026
A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipulate network response traffic via a man-in-the-middle (MITM) attack, to write arbitrary files to the host.
Severity CVSS v4.0: MEDIUM
Last modification:
11/06/2026

CVE-2026-0266

Publication date:
10/06/2026
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama (virtual and M-Series). Cloud NGFW and Prisma® Access are not affected by this vulnerability.
Severity CVSS v4.0: LOW
Last modification:
11/06/2026

CVE-2022-48575

Publication date:
10/06/2026
A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2026

CVE-2022-26758

Publication date:
10/06/2026
A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2026

CVE-2026-46683

Publication date:
10/06/2026
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.7.0, there is an SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0.
Severity CVSS v4.0: MEDIUM
Last modification:
10/06/2026

CVE-2026-50127

Publication date:
10/06/2026
Weblate is a web-based localization tool. From version 5.15 to before version 2026.6, Weblate's VCS_RESTRICT_PRIVATE did not properly account for some transitional IPv6 ranges, multicast addresses, or some semi-private IPv4 ranges, which allowed some addresses to bypass private range restrictions. This issue has been patched in version 2026.6.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026