Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, for users interested in this information; it includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to their information sources, as well as to any patches or solutions made available by manufacturers and developers. Advanced searches are possible: results can be narrowed down by different criteria, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily of the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-61536

Publication date:
16/10/2025
FelixRiddle dev-jobs-handlebars 1.0 uses absolute password-reset (magic) links using the untrusted `req.headers.host` header and forces the `http://` scheme. An attacker who can control the `Host` header (or exploit a misconfigured proxy/load-balancer that forwards the header unchanged) can cause reset links to point to attacker-controlled domains or be delivered via insecure HTTP, enabling token theft, phishing, and account takeover.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2025

CVE-2025-61540

Publication date:
16/10/2025
SQL injection vulnerability in Ultimate PHP Board 2.2.7 via the username field in lostpassword.php.
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2025

CVE-2025-61543

Publication date:
16/10/2025
A Host Header Injection vulnerability exists in the password reset functionality of CraftMyCMS 4.0.2.2. The system uses `$_SERVER['HTTP_HOST']` directly to construct password reset links sent via email. An attacker can manipulate the Host header to send malicious reset links, enabling phishing attacks or account takeover.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2025

CVE-2025-61539

Publication date:
16/10/2025
Cross site scripting (XSS) vulnerability in Ultimate PHP Board 2.2.7 via the u_name parameter in lostpassword.php.
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2025

CVE-2025-61541

Publication date:
16/10/2025
Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality (forgot_send.cgi). The reset link sent to users is constructed using the HTTP Host header via get_webmin_email_url(). An attacker can manipulate the Host header to inject a malicious domain into the reset email. If a victim follows the poisoned link, the attacker can intercept the reset token and gain full control of the target account.
Severity CVSS v4.0: Pending analysis
Last modification:
06/11/2025

CVE-2025-41253

Publication date:
16/10/2025
The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers.

An application should be considered vulnerable when all the following are true:

* The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable).
* An admin or untrusted third party using Spring Expression Language (SpEL) to access environment variables or system properties via routes.
* An untrusted third party could create a route that uses SpEL to access environment variables or system properties if:
  * The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway and management.endpoint.gateway.enabled=true or management.endpoint.gateway.access=unrestricted.
  * The actuator endpoints are available to attackers.
  * The actuator endpoints are unsecured.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2025

CVE-2025-41254

Publication date:
16/10/2025
STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages.

Affected Spring Products and Versions
Spring Framework:

* 6.2.0 - 6.2.11
* 6.1.0 - 6.1.23
* 6.0.x - 6.0.29
* 5.3.0 - 5.3.45
* Older, unsupported versions are also affected.

Mitigation
Users of affected versions should upgrade to the corresponding fixed version.

Affected version(s) | Fix version | Availability
6.2.x               | 6.2.12      | OSS
6.1.x               | 6.1.24      | Commercial (https://enterprise.spring.io/)
6.0.x               | N/A         | Out of support (https://spring.io/projects/spring-framework#support)
5.3.x               | 5.3.46      | Commercial (https://enterprise.spring.io/)

No further mitigation steps are necessary.

Credit
This vulnerability was discovered and responsibly reported by Jannis Kaiser.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2025

CVE-2025-36002

Publication date:
16/10/2025
IBM Sterling B2B Integrator 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM Sterling File Gateway 6.2.0.0 through 6.2.0.5, and 6.2.1.0 stores user credentials in configuration files which can be read by a local user.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2025

CVE-2025-22381

Publication date:
16/10/2025
Aggie 2.6.1 has a Host Header injection vulnerability in the forgot password functionality, allowing an attacker to reset a user's password.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2026
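Four entries in this list (CVE-2025-61536, CVE-2025-61543, CVE-2025-61541 and CVE-2025-22381) describe the same defect: a password-reset link whose origin is taken from the client-controlled Host header, in one case with the scheme hard-coded to http. The following is an added example, not code from any of the affected projects, showing that pattern beside a hardened version in Node-style JavaScript. APP_BASE_URL, ALLOWED_HOSTS, the request objects and the token are all assumed or constructed for the illustration.

```javascript
// Added illustration of the Host-header password-reset flaw; not code from any
// of the affected projects. APP_BASE_URL and ALLOWED_HOSTS are assumed
// deployment configuration; the request objects below are constructed input.
const APP_BASE_URL = "https://accounts.example.com";
const ALLOWED_HOSTS = new Set(["accounts.example.com"]);

// Vulnerable pattern: the origin of the emailed link comes from the
// client-supplied Host header, and the scheme is hard-coded to http.
function buildResetLinkVulnerable(req, token) {
  return `http://${req.headers.host}/reset-password?token=${token}`;
}

// Hardened pattern: the origin comes from server-side configuration only.
// The Host header is still compared against an allowlist so that a poisoned
// Host (or a proxy forwarding it unchanged) fails loudly instead of being
// silently ignored.
function buildResetLinkHardened(req, token) {
  const host = String(req.headers.host || "").toLowerCase();
  if (!ALLOWED_HOSTS.has(host)) {
    throw new Error(`rejected password-reset request for unexpected Host: ${host}`);
  }
  const url = new URL("/reset-password", APP_BASE_URL);
  url.searchParams.set("token", token);
  return url.toString();
}

// Test-side check: does a generated link deliver the token anywhere other
// than the trusted origin over its expected scheme? True both for an
// attacker-controlled host and for an http:// downgrade of the correct host.
function linkLeaksToken(link, trustedOrigin) {
  const actual = new URL(link);
  const trusted = new URL(trustedOrigin);
  return actual.protocol !== trusted.protocol || actual.host !== trusted.host;
}

// Constructed sample requests (the minimal shape of an Express/Node `req`).
const legitimateRequest = { headers: { host: "accounts.example.com" } };
const poisonedRequest = { headers: { host: "attacker.example" } };

// Runs both builders against both requests and reports what was produced.
function demo() {
  const token = "r3s3t-t0k3n";
  let hardenedRejectedPoisoned = false;
  try {
    buildResetLinkHardened(poisonedRequest, token);
  } catch (e) {
    hardenedRejectedPoisoned = true;
  }
  return {
    vulnerablePoisoned: buildResetLinkVulnerable(poisonedRequest, token),
    vulnerableLegit: buildResetLinkVulnerable(legitimateRequest, token),
    hardenedLegit: buildResetLinkHardened(legitimateRequest, token),
    hardenedRejectedPoisoned,
  };
}

for (const [name, value] of Object.entries(demo())) {
  if (typeof value === "string") {
    console.log(`${name}: ${value}  leaks=${linkLeaksToken(value, APP_BASE_URL)}`);
  } else {
    console.log(`${name}: ${value}`);
  }
}
```

Two points the output makes visible: the vulnerable builder leaks the token even for a legitimate Host, because the forced http:// scheme sends it in the clear, and the hardened builder never consults the header to decide where the link points. If the application sits behind a reverse proxy, the same allowlist logic should also cover X-Forwarded-Host, or better, the proxy should reject requests for unknown hosts before they reach the application.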

CVE-2025-54658

Publication date:
16/10/2025
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for MacOS 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to Root via sending a crafted request to a local listening port.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2025

CVE-2025-53951

Publication date:
16/10/2025
An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiDLP Agent's Outlookproxy plugin for Windows 11.5.1 and 11.4.2 through 11.4.6 and 11.3.2 through 11.3.4 and 11.2.0 through 11.2.3 and 11.1.1 through 11.1.2 and 11.0.1 and 10.5.1 and 10.4.0, and 10.3.1 may allow an authenticated attacker to escalate their privilege to LocalService via sending a crafted request to a local listening port.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2025

CVE-2025-46752

Publication date:
16/10/2025
An insertion of sensitive information into a log file in Fortinet FortiDLP 12.0.0 through 12.0.5, 11.5.1, 11.4.6, 11.4.5 allows an attacker information disclosure via re-using the enrollment code.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2025