Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-30173
Publication date:
22/05/2025
File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised<br /> This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: MEDIUM
Last modification:
23/05/2025

CVE-2025-2410
Publication date:
22/05/2025
Port manipulation vulnerabilities in ASPECT provide attackers with the ability to con-trol TCP/IP port access if session administrator credentials become compromised.<br /> This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: HIGH
Last modification:
23/05/2025

CVE-2025-30169
Publication date:
22/05/2025
File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised.<br /> This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: MEDIUM
Last modification:
23/05/2025

CVE-2025-30170
Publication date:
22/05/2025
Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised.<br /> This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: MEDIUM
Last modification:
23/05/2025

CVE-2025-30171
Publication date:
22/05/2025
System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised.<br /> This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: HIGH
Last modification:
23/05/2025

CVE-2024-13931
Publication date:
22/05/2025
Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised.<br /> This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: HIGH
Last modification:
23/05/2025

CVE-2024-52874
Publication date:
22/05/2025
In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2024-9639
Publication date:
22/05/2025
Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised.<br /> This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: HIGH
Last modification:
23/05/2025

CVE-2025-2409
Publication date:
22/05/2025
File corruption vulnerabilities in ASPECT provide attackers access to overwrite sys-tem files if session administrator credentials become compromised<br /> This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: HIGH
Last modification:
23/05/2025

CVE-2024-13928
Publication date:
22/05/2025
SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised.<br /> This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: HIGH
Last modification:
23/05/2025

CVE-2024-13929
Publication date:
22/05/2025
Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised.<br /> This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: HIGH
Last modification:
23/05/2025

CVE-2024-13930
Publication date:
22/05/2025
An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised<br /> This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03.
Severity CVSS v4.0: MEDIUM
Last modification:
23/05/2025
Subscribe to Vulnerabilities