Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-61990

Publication date:
15/10/2025
When using a multi-bladed platform with more than one blade, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: HIGH
Last modification:
21/10/2025

CVE-2025-53860

Publication date:
15/10/2025
A vulnerability exists in F5OS-A software that allows a highly privileged authenticated attacker to access sensitive FIPS hardware security module (HSM) information on F5 rSeries systems. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: MEDIUM
Last modification:
21/10/2025

CVE-2025-57780

Publication date:
15/10/2025
A vulnerability exists in F5OS-A and F5OS-C systems that may allow an authenticated attacker with local access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: HIGH
Last modification:
21/10/2025

CVE-2025-2529

Publication date:
15/10/2025
Applications using affected versions of Ehcache 3.x can experience degraded cache-write performance if the application using Ehcache utilizes keys sourced from (malicious) external parties in an unfiltered/unsalted way.
Severity CVSS v4.0: Pending analysis
Last modification:
14/01/2026

CVE-2025-9548

Publication date:
15/10/2025
A potential null pointer dereference vulnerability was reported in the Lenovo Power Management Driver that could allow a local authenticated user to cause a Windows blue screen error.
Severity CVSS v4.0: MEDIUM
Last modification:
16/10/2025

CVE-2025-6026

Publication date:
15/10/2025
An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data.
Severity CVSS v4.0: LOW
Last modification:
21/10/2025

CVE-2025-8486

Publication date:
15/10/2025
A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.
Severity CVSS v4.0: HIGH
Last modification:
02/02/2026

CVE-2025-55083

Publication date:
15/10/2025
In NetX Duo versions before 6.4.4, a component of Eclipse Foundation ThreadX, there was an incorrect bounds check resulting in an off-by-two out-of-bounds read.
Severity CVSS v4.0: MEDIUM
Last modification:
21/10/2025

CVE-2025-56748

Publication date:
15/10/2025
Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset tokens and compromise user accounts.
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2025

CVE-2025-56749

Publication date:
15/10/2025
Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account.
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2025

CVE-2025-10699

Publication date:
15/10/2025
A vulnerability was reported in the Lenovo LeCloud client application that, under certain conditions, could allow information disclosure.
Severity CVSS v4.0: MEDIUM
Last modification:
16/10/2025

CVE-2025-10581

Publication date:
15/10/2025
A potential DLL hijacking vulnerability was discovered in the Lenovo PC Manager during an internal security assessment that could allow a local authenticated user to execute code with elevated privileges.
Severity CVSS v4.0: HIGH
Last modification:
02/02/2026