Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-6732

Publication date:
26/06/2025
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: HIGH
Last modification:
08/01/2026

CVE-2015-0842

Publication date:
26/06/2025
yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2025

CVE-2015-0843

Publication date:
26/06/2025
yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2025

CVE-2015-0849

Publication date:
26/06/2025
pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2025

CVE-2025-5731

Publication date:
26/06/2025
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
Severity CVSS v4.0: Pending analysis
Last modification:
08/01/2026

CVE-2025-52555

Publication date:
26/06/2025
Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, and 19.2.3.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2013-1440

Publication date:
26/06/2025
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
26/06/2025

CVE-2014-0468

Publication date:
26/06/2025
Vulnerability in fusionforge in the shipped Apache configuration, where the web server may execute scripts that the users would have uploaded in their raw SCM repositories (SVN, Git, Bzr...). This issue affects fusionforge: before 5.3+20140506.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2025

CVE-2014-6274

Publication date:
26/06/2025
git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2025

CVE-2014-7210

Publication date:
26/06/2025
pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected.
Severity CVSS v4.0: Pending analysis
Last modification:
06/08/2025

CVE-2025-53122

Publication date:
26/06/2025
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection. Users should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and Horizon installation instructions state that they are intended for installation within an organization's private networks and should not be directly accessible from the Internet.
Severity CVSS v4.0: MEDIUM
Last modification:
30/06/2025

CVE-2025-5995

Publication date:
26/06/2025
Canon EOS Webcam Utility Pro for MAC OS version 2.3d (2.3.29) and earlier contains an improper directory permissions vulnerability. Exploitation of this vulnerability requires administrator access by a malicious user. An attacker could modify the directory, potentially resulting in code execution and ultimately leading to privilege escalation.
Severity CVSS v4.0: MEDIUM
Last modification:
30/06/2025