Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-2595
Publication date:
23/04/2025
An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2025-3529
Publication date:
23/04/2025
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible for unauthenticated attackers to view potentially sensitive information and download a digital product without paying for it.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2025-3530
Publication date:
23/04/2025
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to product price manipulation in all versions up to, and including, 5.1.2. This is due to a logic flaw involving the inconsistent use of parameters during the cart addition process. The plugin uses the parameter 'product_tmp_two' for computing a security hash against price tampering while using 'wspsc_product' to display the product, allowing an unauthenticated attacker to substitute details from a cheaper product and bypass payment for a more expensive item.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2025-0618
Publication date:
23/04/2025
A malicious third party could invoke a persistent denial of service vulnerability in FireEye EDR agent by sending a specially-crafted tamper protection event to the HX service to trigger an exception. This exception will prevent any further tamper protection events from being processed, even after a reboot of HX.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2025-1056
Publication date:
23/04/2025
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.<br /> Axis has released a patched version for the highlighted flaw. Please <br /> refer to the Axis security advisory for more information and solution.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2025-0926
Publication date:
23/04/2025
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.<br /> Axis has released a patched version for the highlighted flaw. Please <br /> refer to the Axis security advisory for more information and solution.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2025-1021
Publication date:
23/04/2025
Missing authorization vulnerability in synocopy in Synology DiskStation Manager (DSM) before 7.1.1-42962-8, 7.2.1-69057-7 and 7.2.2-72806-3 allows remote attackers to read arbitrary files via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2025-46216
Publication date:
23/04/2025
Rejected reason: Not used
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2025-46217
Publication date:
23/04/2025
Rejected reason: Not used
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2025-46218
Publication date:
23/04/2025
Rejected reason: Not used
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2025-46219
Publication date:
23/04/2025
Rejected reason: Not used
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2025-46220
Publication date:
23/04/2025
Rejected reason: Not used
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025
Subscribe to Vulnerabilities