Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-70047
Publication date:
09/03/2026
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2025-70046
Publication date:
09/03/2026
An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2025-70042
Publication date:
09/03/2026
An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master.
Severity CVSS v4.0: Pending analysis
Last modification:
18/03/2026

CVE-2025-70040
Publication date:
09/03/2026
An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2026

CVE-2024-14027
Publication date:
09/03/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> fs/xattr: missing fdput() in fremovexattr error path<br /> <br /> In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a<br /> file reference but returns early without calling fdput() when<br /> strncpy_from_user() fails on the name argument. In multi-threaded processes<br /> where fdget() takes the slow path, this permanently leaks one<br /> file reference per call, pinning the struct file and associated kernel<br /> objects in memory. An unprivileged local user can exploit this to cause<br /> kernel memory exhaustion. The issue was inadvertently fixed by commit<br /> a71874379ec8 ("xattr: switch to CLASS(fd)").
Severity CVSS v4.0: Pending analysis
Last modification:
06/04/2026

CVE-2025-70250
Publication date:
09/03/2026
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup.
Severity CVSS v4.0: Pending analysis
Last modification:
11/03/2026

CVE-2025-70243
Publication date:
09/03/2026
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534.
Severity CVSS v4.0: Pending analysis
Last modification:
11/03/2026

CVE-2025-70238
Publication date:
09/03/2026
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52.
Severity CVSS v4.0: Pending analysis
Last modification:
11/03/2026

CVE-2025-70059
Publication date:
09/03/2026
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2025-69648
Publication date:
09/03/2026
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a non-terminating output loop that requires manual interruption. No evidence of memory corruption or code execution was observed.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2025-69647
Publication date:
09/03/2026
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an unbounded output loop that never terminates unless externally interrupted. A local attacker can trigger this behavior by supplying a malicious input file, causing excessive CPU and I/O usage and preventing readelf from completing its analysis.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2026-3089
Publication date:
09/03/2026
Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments (../) can escape the intended directory and write files outside userFiles.This issue affects prior versions of Actual Sync Server 26.3.0.
Severity CVSS v4.0: MEDIUM
Last modification:
09/04/2026
Subscribe to Vulnerabilities