Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-54462
Publication date:
25/08/2025
A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-54480
Publication date:
25/08/2025
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8719 of biosig.c on the current master branch (35a819fa), when the Tag is 0:<br /> <br /> if (tag==0) {<br /> if (len!=1) fprintf(stderr,"Warning MFER tag0 incorrect length %i!=1\n",len);<br /> curPos += ifread(buf,1,len,hdr);<br /> }
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-54481
Publication date:
25/08/2025
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8744 of biosig.c on the current master branch (35a819fa), when the Tag is 3:<br /> <br /> else if (tag==3) {<br /> // character code<br /> char v[17]; // [1]<br /> if (len&gt;16) fprintf(stderr,"Warning MFER tag2 incorrect length %i&gt;16\n",len);<br /> curPos += ifread(&amp;v,1,len,hdr);<br /> v[len] = 0;<br /> <br /> In this case, the overflowed buffer is the newly-declared `v` \[1\] instead of `buf`. Since `v` is only 17 bytes large, much smaller values of `len` (even those encoded using a single octet) can trigger an overflow in this code path.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-54482
Publication date:
25/08/2025
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8751 of biosig.c on the current master branch (35a819fa), when the Tag is 4:<br /> <br /> else if (tag==4) {<br /> // SPR<br /> if (len&gt;4) fprintf(stderr,"Warning MFER tag4 incorrect length %i&gt;4\n",len);<br /> curPos += ifread(buf,1,len,hdr);
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-52581
Publication date:
25/08/2025
An integer overflow vulnerability exists in the GDF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted GDF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-53511
Publication date:
25/08/2025
A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-53518
Publication date:
25/08/2025
An integer overflow vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ABF file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-53557
Publication date:
25/08/2025
A heap-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-53853
Publication date:
25/08/2025
A heap-based buffer overflow vulnerability exists in the ISHNE parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted ISHNE ECG annotations file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-45968
Publication date:
25/08/2025
An issue in System PDV v1.0 allows a remote attacker to obtain sensitive information via the hash parameter in a URL. The application contains an Insecure Direct Object Reference (IDOR) vulnerability, which occurs due to a lack of proper authorization checks when accessing objects referenced by this parameter. This allows direct access to other users&amp;#39; data or internal resources without proper permission. Successful exploitation of this flaw may result in the exposure of sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
21/10/2025

CVE-2025-46411
Publication date:
25/08/2025
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-48005
Publication date:
25/08/2025
A heap-based buffer overflow vulnerability exists in the RHS2000 parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted RHS2000 file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025
Subscribe to Vulnerabilities