Vulnerabilities

With the aim of informing, warning and helping professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible, with the option to select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-63593

Publication date:
03/11/2025
Grav CMS 1.7.49.5 is vulnerable to Cross Site Scripting (XSS).
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2025

CVE-2025-50735

Publication date:
03/11/2025
Directory traversal vulnerability in NextChat through 2.16.0 due to the WebDAV proxy failing to canonicalize or reject dot path segments in its catch-all route, allowing attackers to gain sensitive information via authenticated or anonymous WebDAV endpoints.
Severity CVSS v4.0: Pending analysis
Last modification:
05/11/2025

CVE-2025-12531

Publication date:
03/11/2025
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Severity CVSS v4.0: Pending analysis
Last modification:
05/11/2025

CVE-2025-12642

Publication date:
03/11/2025
lighttpd 1.4.80 incorrectly merged trailer fields into headers after HTTP request parsing. This behavior can be exploited to conduct HTTP Header Smuggling attacks.

Successful exploitation may allow an attacker to:

* Bypass access control rules
* Inject unsafe input into backend logic that trusts request headers
* Execute HTTP Request Smuggling attacks under some conditions

This issue affects lighttpd 1.4.80.
Severity CVSS v4.0: MEDIUM
Last modification:
12/11/2025

CVE-2025-8558

Publication date:
03/11/2025
Insider Threat Management (ITM) Server versions prior to 7.17.2 contain an authentication bypass vulnerability that allows unauthenticated users on an adjacent network to perform agent unregistration when the number of registered agents exceeds the licensed limit. Successful exploitation prevents the server from receiving new events from affected agents, resulting in a partial loss of integrity and availability with no impact to confidentiality.
Severity CVSS v4.0: LOW
Last modification:
07/11/2025

CVE-2025-45959

Publication date:
03/11/2025
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-50363

Publication date:
03/11/2025
Phpgurukul Maid Hiring Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in /maid-hiring.php via the name field.
Severity CVSS v4.0: Pending analysis
Last modification:
05/11/2025

CVE-2025-63441

Publication date:
03/11/2025
Open Source Social Network (OSSN) 8.6 is vulnerable to Cross Site Scripting (XSS) via the parameter `param` at endpoint u/administrator/friends.
Severity CVSS v4.0: Pending analysis
Last modification:
04/02/2026

CVE-2025-10280

Publication date:
03/11/2025
IdentityIQ 8.5, IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p4, IdentityIQ 8.3 and all 8.3 patch levels including 8.3p5, and all prior versions allow some IdentityIQ web services that provide non-HTML content to be accessed via a URL path that will set the Content-Type to HTML, allowing a requesting browser to interpret content not properly escaped to prevent Cross-Site Scripting (XSS).
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2025

CVE-2025-11953

Publication date:
03/11/2025
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2026

CVE-2025-12463

Publication date:
03/11/2025
An unauthenticated SQL Injection was discovered within the Geutebruck G-Cam E-Series Cameras through the `Group` parameter in the `/uapi-cgi/viewer/Param.cgi` script. This has been confirmed on the EFD-2130 camera running firmware version 1.12.0.19.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-63449

Publication date:
03/11/2025
Water Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /orders.php.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2025