Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-43059
Publication date:
05/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers<br /> <br /> Commit 302a1f674c00 ("Bluetooth: MGMT: Fix possible UAFs") introduced<br /> mgmt_pending_valid(), which not only validates the pending command but<br /> also unlinks it from the pending list if it is valid. This change in<br /> semantics requires updates to several completion handlers to avoid list<br /> corruption and memory safety issues.<br /> <br /> This patch addresses two left-over issues from the aforementioned rework:<br /> <br /> 1. In mgmt_add_adv_patterns_monitor_complete(), mgmt_pending_remove()<br /> is replaced with mgmt_pending_free() in the success path. Since<br /> mgmt_pending_valid() already unlinks the command at the beginning of<br /> the function, calling mgmt_pending_remove() leads to a double list_del()<br /> and subsequent list corruption/kernel panic.<br /> <br /> 2. In set_mesh_complete(), the use of mgmt_pending_foreach() in the error<br /> path is removed. Since the current command is already unlinked by<br /> mgmt_pending_valid(), this foreach loop would incorrectly target other<br /> pending mesh commands, potentially freeing them while they are still being<br /> processed concurrently (leading to UAFs). The redundant mgmt_cmd_status()<br /> is also simplified to use cmd-&gt;opcode directly.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-35192
Publication date:
05/05/2026
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.<br /> Response headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacker can steal a user&amp;#39;s session after that user visits a cached public page.<br /> Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.<br /> Django would like to thank Cantina for reporting this issue.
Severity CVSS v4.0: LOW
Last modification:
07/05/2026

CVE-2026-39103
Publication date:
05/05/2026
Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_strings(), gf_svg_parse_attribute()
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2026

CVE-2026-34956
Publication date:
05/05/2026
A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in a Denial of Service (DoS) for the affected system.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2026

CVE-2026-32689
Publication date:
05/05/2026
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport&amp;#39;s NDJSON body handling.<br /> <br /> In &amp;#39;Elixir.Phoenix.Transports.LongPoll&amp;#39;:publish/4, when a POST request is received with Content-Type: application/x-ndjson, the request body is split on newline characters using String.split/2 with no limit on the number of resulting segments. An attacker can send a body consisting entirely of newline bytes, causing a 1:1 amplification into a list of empty binaries — a 1 MB body produces approximately one million list elements, an 8 MB body approximately 8.4 million. Each element is then walked by Enum.map, materializing another list of the same size. This exhausts BEAM memory and schedulers, crashing the node and terminating all active sessions.<br /> <br /> A session token required to reach the vulnerable endpoint is freely obtainable by any client via an unauthenticated GET request to the same URL with a matching Origin header, making this attack effectively unauthenticated.<br /> <br /> This issue affects phoenix: from 1.7.0 before 1.7.22 and 1.8.6.
Severity CVSS v4.0: HIGH
Last modification:
05/05/2026

CVE-2026-34002
Publication date:
05/05/2026
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2026

CVE-2026-31195
Publication date:
05/05/2026
The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2026

CVE-2026-31196
Publication date:
05/05/2026
The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2026

CVE-2026-34000
Publication date:
05/05/2026
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2026

CVE-2025-66369
Publication date:
05/05/2026
An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, W1000, Modem 5123, and Modem 5300. Incorrect handling of 5G NR NAS registration accept messages leads to a Denial of Service.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2025-61669
Publication date:
05/05/2026
Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.com`. An attacker can use a crafted login URL to redirect users to a malicious site and facilitate phishing attacks. This issue is fixed in version 2.18.0.
Severity CVSS v4.0: MEDIUM
Last modification:
11/05/2026

CVE-2025-52206
Publication date:
05/05/2026
ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2026
Subscribe to Vulnerabilities