Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-12093

Publication date: 22/05/2025
An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions.
Severity CVSS v4.0: Pending analysis
Last modification: 08/08/2025

CVE-2024-54188

Publication date: 22/05/2025
Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access.
Severity CVSS v4.0: Pending analysis
Last modification: 03/06/2025

CVE-2025-0605

Publication date: 22/05/2025
An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.
Severity CVSS v4.0: Pending analysis
Last modification: 29/05/2025

CVE-2025-5077

Publication date: 22/05/2025
A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument Category leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification: 28/05/2025

CVE-2025-5078

Publication date: 22/05/2025
A vulnerability was detected in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/subcategory.php. Manipulation of the argument Category results in SQL injection. The attack can be carried out remotely. The exploit is now public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification: 29/09/2025

CVE-2025-4979

Publication date: 22/05/2025
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating their own variable and observing the HTTP response.
Severity CVSS v4.0: Pending analysis
Last modification: 08/08/2025

CVE-2025-5076

Publication date: 22/05/2025
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component SEND Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification: 23/06/2025

CVE-2025-4575

Publication date: 22/05/2025
Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate.

Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as trusted for that use.

A copy & paste error during minor refactoring of the code introduced this issue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate should be trusted only for the purpose of authenticating TLS servers but not for CMS signature verification and the CMS signature verification is intended to be marked as rejected with the -addreject option, the resulting CA certificate will be trusted for CMS signature verification purpose instead.

Only users which use the trusted certificate format who use the openssl x509 command line application to add rejected uses are affected by this issue. The issues affecting only the command line application are considered to be Low severity.

The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

OpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this issue.
Severity CVSS v4.0: Pending analysis
Last modification: 23/10/2025

CVE-2025-1110

Publication date: 22/05/2025
An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.
Severity CVSS v4.0: Pending analysis
Last modification: 29/05/2025

CVE-2025-2853

Publication date: 22/05/2025
An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition.
Severity CVSS v4.0: Pending analysis
Last modification: 29/05/2025

CVE-2025-3111

Publication date: 22/05/2025
An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of service.
Severity CVSS v4.0: Pending analysis
Last modification: 29/05/2025

CVE-2023-47466

Publication date: 22/05/2025
TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.
Severity CVSS v4.0: Pending analysis
Last modification: 24/01/2026