Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-40682

Publication date:

23/07/2025

IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local user to cause a denial of service due to improper validation of specified type of input.

Severity CVSS v4.0: Pending analysis

Last modification:

06/08/2025

CVE-2024-40686

Publication date:

23/07/2025

IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

Severity CVSS v4.0: Pending analysis

Last modification:

06/08/2025

CVE-2024-41750

Publication date:

23/07/2025

IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local, authenticated attacker to bypass client-side enforcement of security to manipulate data.

Severity CVSS v4.0: Pending analysis

Last modification:

06/08/2025

CVE-2024-12310

Publication date:

23/07/2025

A vulnerability in Imprivata Enterprise Access Management (formerly Imprivata OneSign) allows bypassing the login screen of the shared kiosk workstation and allows unauthorized access to the underlying Windows system through the already logged-in autologon account due to insufficient handling of keyboard shortcuts.<br /> This issue affects Imprivata Enterprise Access Management versions 5.3 through 24.2.

Severity CVSS v4.0: HIGH

Last modification:

25/07/2025

CVE-2025-27930

Publication date:

23/07/2025

Zohocorp ManageEngine Applications Manager versions 176600 and prior are vulnerable to stored cross-site scripting in the File/Directory monitor.

Severity CVSS v4.0: Pending analysis

Last modification:

30/09/2025

CVE-2025-53882

Publication date:

23/07/2025

A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSE mailman3 package allows the mailman user to sent SIGHUP to arbitrary processes. This issue affects openSUSE Tumbleweed: from ? before 3.3.10-2.1.

Severity CVSS v4.0: MEDIUM

Last modification:

03/09/2025

CVE-2025-41683

Publication date:

23/07/2025

An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to lack of improper sanitizing of user input in the Main Web Interface (endpoint event_mail_test).

Severity CVSS v4.0: Pending analysis

Last modification:

25/07/2025

CVE-2025-41684

Publication date:

23/07/2025

Severity CVSS v4.0: Pending analysis

Last modification:

25/07/2025

CVE-2025-41687

Publication date:

23/07/2025

An unauthenticated remote attacker may use a stack based buffer overflow in the u-link Management API to gain full access on the affected devices.

Severity CVSS v4.0: Pending analysis

Last modification:

25/07/2025

CVE-2025-8070

Publication date:

23/07/2025

The Windows service configuration of ABP and AES contains an unquoted ImagePath registry value vulnerability. This allows a local attacker to execute arbitrary code by placing a malicious executable in a predictable location such as C:\Program.exe. If the service runs with elevated privileges, exploitation results in privilege escalation to SYSTEM level. This vulnerability arises from an unquoted service path affecting systems where the executable resides in a path containing spaces.<br /> Affected products and versions include: ABP 2.0.7.6130 and earlier as well as AES 1.0.6.6133 and earlier.

Severity CVSS v4.0: CRITICAL

Last modification:

25/07/2025

CVE-2025-31701

Publication date:

23/07/2025

A vulnerability has been found in Dahua products.<br /> <br /> Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern.

Severity CVSS v4.0: Pending analysis

Last modification:

25/07/2025

CVE-2025-31700

Publication date:

23/07/2025

Severity CVSS v4.0: Pending analysis

Last modification:

25/07/2025

Subscribe to Vulnerabilities