Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-6001

Publication date:
11/06/2025
A Cross-Site Request Forgery (CSRF) vulnerability exists in the product image upload function of VirtueMart that bypasses the CSRF protection token. An attacker is able to craft a special CSRF request which will allow unrestricted file upload into the VirtueMart media manager.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2025

CVE-2025-6002

Publication date:
11/06/2025
An unrestricted file upload vulnerability exists in the Product Image section of the VirtueMart backend. Authenticated attackers can upload files with arbitrary extensions, including executable or malicious files, potentially leading to remote code execution or other security impacts depending on server configuration.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2025

CVE-2025-22874

Publication date:
11/06/2025
Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2025

CVE-2025-40915

Publication date:
11/06/2025
Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2025

CVE-2025-4673

Publication date:
11/06/2025
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2025

CVE-2025-1698

Publication date:
11/06/2025
Null pointer exception vulnerabilities were reported in the fingerprint sensor service that could allow a local attacker to cause a denial of service.
Severity CVSS v4.0: LOW
Last modification:
12/06/2025

CVE-2025-1699

Publication date:
11/06/2025
An incorrect default permissions vulnerability was reported in the MotoSignature application that could result in unauthorized access.
Severity CVSS v4.0: LOW
Last modification:
12/06/2025

CVE-2025-26383

Publication date:
11/06/2025
The iSTAR Configuration Utility (ICU) tool leaks memory, which could result in the unintended exposure of unauthorized data from the Windows PC that ICU is running on.
Severity CVSS v4.0: MEDIUM
Last modification:
12/06/2025

CVE-2025-49148

Publication date:
11/06/2025
ClipShare is a lightweight and cross-platform tool for clipboard sharing. Prior to 3.8.5, ClipShare Server for Windows uses the default Windows DLL search order and loads system libraries like CRYPTBASE.dll and WindowsCodecs.dll from its own directory before the system path. A local, non-privileged user who can write to the folder containing clip_share.exe can place malicious DLLs there, leading to arbitrary code execution in the context of the server, and, if launched by an Administrator (or another elevated user), it results in a reliable local privilege escalation. This vulnerability is fixed in 3.8.5.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2025

CVE-2025-49146

Publication date:
11/06/2025
pgjdbc is an open source postgresql JDBC Driver. From 42.7.4 and until 42.7.7, when the PostgreSQL JDBC driver is configured with channel binding set to required (default value is prefer), the driver would incorrectly allow connections to proceed with authentication methods that do not support channel binding (such as password, MD5, GSS, or SSPI authentication). This could allow a man-in-the-middle attacker to intercept connections that users believed were protected by channel binding requirements. This vulnerability is fixed in 42.7.7.
Severity CVSS v4.0: Pending analysis
Last modification:
06/10/2025

CVE-2025-48444

Publication date:
11/06/2025
Missing Authorization vulnerability in Drupal Quick Node Block allows Forceful Browsing. This issue affects Quick Node Block: from 0.0.0 before 2.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
20/06/2025

CVE-2025-48445

Publication date:
11/06/2025
Incorrect Authorization vulnerability in Drupal Commerce Eurobank (Redirect) allows Functionality Misuse. This issue affects Commerce Eurobank (Redirect): from 0.0.0 before 2.1.1.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2025