Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-53631

Publication date:

14/08/2025

flaskBlog is a blog app built with Flask. In versions 2.8.1 and prior, improper sanitization of postContent when submitting POST requests to /createpost leads to arbitrary JavaScript execution (XSS) on all pages the post is reflected on including /, /post/[ID], /admin/posts, and /user/[ID] of the user that made the post. At time of publication, there are no public patches available.

Severity CVSS v4.0: MEDIUM

Last modification:

21/08/2025

CVE-2025-50518

Publication date:

14/08/2025

A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing arbitrary code. NOTE: this is disputed by the Supplier because it only occurs when an application uses libcoap incorrectly.

Severity CVSS v4.0: Pending analysis

Last modification:

15/04/2026

CVE-2025-36047

Publication date:

14/08/2025

IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources.

Severity CVSS v4.0: Pending analysis

Last modification:

03/11/2025

CVE-2025-33142

Publication date:

14/08/2025

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.

Severity CVSS v4.0: Pending analysis

Last modification:

18/08/2025

CVE-2023-43694

Publication date:

14/08/2025

An issue was discovered in Malwarebytes 4.6.14.326 and before and 5.1.5.116 and before (and Nebula 2020-10-21 and later). An Out of bounds read in several disassembling utilities causes stability issues and denial of service.

Severity CVSS v4.0: Pending analysis

Last modification:

15/04/2026

CVE-2025-9041

Publication date:

14/08/2025

A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle.

Severity CVSS v4.0: HIGH

Last modification:

15/04/2026

CVE-2025-9042

Publication date:

14/08/2025

A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle.

Severity CVSS v4.0: HIGH

Last modification:

15/04/2026

CVE-2025-8962

Publication date:

14/08/2025

A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The manipulation of the argument uname leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Severity CVSS v4.0: LOW

Last modification:

29/04/2026

CVE-2025-8964

Publication date:

14/08/2025

A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Severity CVSS v4.0: LOW

Last modification:

29/04/2026

CVE-2025-8876

Publication date:

14/08/2025

Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.

Severity CVSS v4.0: CRITICAL

Last modification:

27/10/2025

CVE-2025-8875

Publication date:

14/08/2025

Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.

Severity CVSS v4.0: CRITICAL

Last modification:

27/10/2025

CVE-2025-7972

Publication date:

14/08/2025

A security issue exists within the FactoryTalk Linx Network Browser. By modifying the process.env.NODE_ENV to ‘development’, the attacker can disable FTSP token validation. This bypass allows access to create, update, and delete FTLinx drivers.

Severity CVSS v4.0: HIGH

Last modification:

29/10/2025

Subscribe to Vulnerabilities