Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-6558
Publication date:
15/07/2025
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Severity CVSS v4.0: Pending analysis
Last modification:
06/11/2025

CVE-2025-53959
Publication date:
15/07/2025
In JetBrains YouTrack before 2025.2.86069, <br /> 2024.3.85077, <br /> 2025.1.86199 email spoofing via an administrative API was possible
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2025

CVE-2025-53895
Publication date:
15/07/2025
ZITADEL is an open source identity management system. Starting in version 2.53.0 and prior to versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14, vulnerability in ZITADEL&amp;#39;s session management API allows any authenticated user to update a session if they know its ID, due to a missing permission check. This flaw enables session hijacking, allowing an attacker to impersonate another user and access sensitive resources. Versions prior to `2.53.0` are not affected, as they required the session token for updates. Versions 4.0.0-rc.2, 3.3.2, 2.71.13, and 2.70.14 fix the issue.
Severity CVSS v4.0: HIGH
Last modification:
26/08/2025

CVE-2025-26186
Publication date:
15/07/2025
SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php
Severity CVSS v4.0: Pending analysis
Last modification:
17/07/2025

CVE-2025-50819
Publication date:
15/07/2025
Directory traversal vulnerability in beiyuouo arxiv-daily thru 2025-05-06 (commit fad168770b0e68aef3e5acfa16bb2e7a7765d687) when parsing the the topic.yml file in the generation logic in daily_arxiv.py.
Severity CVSS v4.0: Pending analysis
Last modification:
15/07/2025

CVE-2025-52080
Publication date:
15/07/2025
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the share_name parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
11/08/2025

CVE-2025-52081
Publication date:
15/07/2025
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow vulnerability exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the usb_folder parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
12/08/2025

CVE-2025-52082
Publication date:
15/07/2025
In Netgear XR300 V1.0.3.38_10.3.30, a stack-based buffer overflow exists in the HTTPD service through the usb_device.cgi endpoint. The vulnerability occurs when processing POST requests containing the read_access parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
11/08/2025

CVE-2024-42650
Publication date:
15/07/2025
NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.
Severity CVSS v4.0: Pending analysis
Last modification:
17/07/2025

CVE-2025-7042
Publication date:
15/07/2025
Use After Free vulnerability exists in the IPT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted IPT file.
Severity CVSS v4.0: Pending analysis
Last modification:
15/07/2025

CVE-2025-6973
Publication date:
15/07/2025
Use After Free vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
Severity CVSS v4.0: Pending analysis
Last modification:
15/07/2025

CVE-2025-6974
Publication date:
15/07/2025
Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file.
Severity CVSS v4.0: Pending analysis
Last modification:
15/07/2025
Subscribe to Vulnerabilities