Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-25588
Publication date:
05/05/2026
RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE command. An authenticated attacker with permission to execute RESTORE on a server with the RedisTimeSeries module loaded can supply a crafted serialized payload that triggers invalid memory access and may lead to remote code execution. A workaround is to restrict access to the RESTORE command with ACL rules. This has been patched in version 1.12.14.
Severity CVSS v4.0: HIGH
Last modification:
07/05/2026

CVE-2026-23479
Publication date:
05/05/2026
Redis is an in-memory data structure store. In redis-server from 7.2.0 until 8.6.3, the unblock client flow does not handle an error return from `processCommandAndResetClient` when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can trigger a use-after-free that may lead to remote code execution. This has been patched in version 8.6.3.
Severity CVSS v4.0: HIGH
Last modification:
06/05/2026

CVE-2026-7845
Publication date:
05/05/2026
A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument paste_image.image_data causes use of weak hash. The attacker needs to be present on the local network. The attack is considered to have high complexity. The exploitability is assessed as difficult. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity CVSS v4.0: LOW
Last modification:
05/05/2026

CVE-2026-7844
Publication date:
05/05/2026
A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list_files/retrieve_file/retrieve_file_content/delete_file of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Compatible File Service. The manipulation results in missing authentication. The attacker must have access to the local network to execute the attack. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity CVSS v4.0: LOW
Last modification:
05/05/2026

CVE-2026-7846
Publication date:
05/05/2026
A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to time-of-check time-of-use. Access to the local network is required for this attack to succeed. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity CVSS v4.0: LOW
Last modification:
05/05/2026

CVE-2026-7865
Publication date:
05/05/2026
A hidden console command is vulnerable to command injection<br /> flaw when control characters are passed to its second argument. <br /> <br /> A third party researcher Eugene Lim had discovered vulnerability<br /> in the way console command passes to a popen function call. Attackers with<br /> authenticated access to SSH console of Crestron devices may use to run<br /> underlying OS commands.
Severity CVSS v4.0: HIGH
Last modification:
07/05/2026

CVE-2026-7411
Publication date:
05/05/2026
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal attack. By supplying a maliciously crafted fileName parameter during a file upload operation, an attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process. This can lead to Remote Code Execution (RCE) and complete system compromise.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-7412
Publication date:
05/05/2026
In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker can exploit this design flaw to force the BaSyx server to execute blind HTTP POST requests to arbitrary internal or external targets. This allows an attacker to bypass network segmentation and pivot into isolated internal IT/OT infrastructure or target Cloud Metadata services (IMDS).
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-6907
Publication date:
05/05/2026
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.<br /> `django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`&amp;#39;*&amp;#39;`). This can lead to private data being stored and served.<br /> Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.<br /> Django would like to thank Ahmad Sadeddin for reporting this issue.
Severity CVSS v4.0: LOW
Last modification:
07/05/2026

CVE-2026-5766
Publication date:
05/05/2026
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.<br /> ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially loading large files into memory and causing service degradation.<br /> <br /> As a reminder, Django expects a limit to be configured at the web server level rather than solely relying on `FILE_UPLOAD_MAX_MEMORY_SIZE`.<br /> Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.<br /> Django would like to thank Kyle Agronick for reporting this issue.
Severity CVSS v4.0: MEDIUM
Last modification:
07/05/2026

CVE-2026-43069
Publication date:
05/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: hci_ll: Fix firmware leak on error path<br /> <br /> Smatch reports:<br /> <br /> drivers/bluetooth/hci_ll.c:587 download_firmware() warn:<br /> &amp;#39;fw&amp;#39; from request_firmware() not released on lines: 544.<br /> <br /> In download_firmware(), if request_firmware() succeeds but the returned<br /> firmware content is invalid (no data or zero size), the function returns<br /> without releasing the firmware, resulting in a resource leak.<br /> <br /> Fix this by calling release_firmware() before returning when<br /> request_firmware() succeeded but the firmware content is invalid.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43072
Publication date:
05/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/vc4: platform_get_irq_byname() returns an int<br /> <br /> platform_get_irq_byname() will return a negative value if an error<br /> happens, so it should be checked and not just passed directly into<br /> devm_request_threaded_irq() hoping all will be ok.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026
Subscribe to Vulnerabilities