Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-32468
Publication date:
25/08/2025
A memory corruption vulnerability exists in the BMPv3 Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .bmp file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-29519
Publication date:
25/08/2025
A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request.
Severity CVSS v4.0: Pending analysis
Last modification:
02/09/2025

CVE-2024-46412
Publication date:
25/08/2025
Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2025

CVE-2024-46413
Publication date:
25/08/2025
Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method.
Severity CVSS v4.0: Pending analysis
Last modification:
12/09/2025

CVE-2025-54493
Publication date:
25/08/2025
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9184 of biosig.c on the current master branch (35a819fa), when the Tag is 131:<br /> <br /> else if (tag==131) //0x83<br /> {<br /> // Patient Age<br /> if (len!=7) fprintf(stderr,"Warning MFER tag131 incorrect length %i!=7\n",len);<br /> curPos += ifread(buf,1,len,hdr);
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-54494
Publication date:
25/08/2025
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9205 of biosig.c on the current master branch (35a819fa), when the Tag is 133:<br /> <br /> else if (tag==133) //0x85<br /> {<br /> curPos += ifread(buf,1,len,hdr);
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-54488
Publication date:
25/08/2025
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8850 of biosig.c on the current master branch (35a819fa), when the Tag is 13:<br /> <br /> else if (tag==13) {<br /> if (len&gt;8) fprintf(stderr,"Warning MFER tag13 incorrect length %i&gt;8\n",len);<br /> curPos += ifread(&amp;buf,1,len,hdr);
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-54489
Publication date:
25/08/2025
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8970 of biosig.c on the current master branch (35a819fa), when the Tag is 63:<br /> <br /> else if (tag==63) {<br /> uint8_t tag2=255, len2=255;<br /> <br /> count = 0;<br /> while ((count
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-54490
Publication date:
25/08/2025
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9090 of biosig.c on the current master branch (35a819fa), when the Tag is 64:<br /> <br /> else if (tag==64) //0x40<br /> {<br /> // preamble<br /> char tmp[256]; // [1]<br /> curPos += ifread(tmp,1,len,hdr);<br /> <br /> In this case, the overflowed buffer is the newly-declared `tmp` \[1\] instead of `buf`. While `tmp` is larger than `buf`, having a size of 256 bytes, a stack overflow can still occur in cases where `len` is encoded using multiple octets and is greater than 256.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-54491
Publication date:
25/08/2025
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9191 of biosig.c on the current master branch (35a819fa), when the Tag is 65:<br /> <br /> else if (tag==65) //0x41: patient event<br /> {<br /> // event table<br /> <br /> curPos += ifread(buf,1,len,hdr);
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-54492
Publication date:
25/08/2025
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 9141 of biosig.c on the current master branch (35a819fa), when the Tag is 67:<br /> <br /> else if (tag==67) //0x43: Sample skew<br /> {<br /> int skew=0; // [1]<br /> curPos += ifread(&amp;skew, 1, len,hdr);<br /> <br /> In this case, the address of the newly-defined integer `skew` \[1\] is overflowed instead of `buf`. This means a stack overflow can occur using much smaller values of `len` in this code path.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-54483
Publication date:
25/08/2025
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8759 of biosig.c on the current master branch (35a819fa), when the Tag is 5:<br /> <br /> else if (tag==5) //0x05: number of channels<br /> {<br /> uint16_t oldNS=hdr-&gt;NS;<br /> if (len&gt;4) fprintf(stderr,"Warning MFER tag5 incorrect length %i&gt;4\n",len);<br /> curPos += ifread(buf,1,len,hdr);
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025
Subscribe to Vulnerabilities