Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-23401
Publication date:
11/03/2025
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions
Severity CVSS v4.0: HIGH
Last modification:
23/09/2025

CVE-2025-23402
Publication date:
11/03/2025
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions
Severity CVSS v4.0: HIGH
Last modification:
23/09/2025

CVE-2025-25266
Publication date:
11/03/2025
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions
Severity CVSS v4.0: HIGH
Last modification:
23/09/2025

CVE-2024-56336
Publication date:
11/03/2025
A vulnerability has been identified in SINAMICS S200 (All versions with serial number beginning with SZVS8, SZVS9, SZVS0 or SZVSN and the FS number is 02). The affected device contains an unlocked bootloader. This security oversight enables attackers to inject malicious code, or install untrusted firmware. The intrinsic security features designed to protect against data manipulation and unauthorized access are compromised when the bootloader is not secured.
Severity CVSS v4.0: CRITICAL
Last modification:
11/03/2025

CVE-2025-23384
Publication date:
11/03/2025
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions
Severity CVSS v4.0: MEDIUM
Last modification:
11/03/2025

CVE-2025-23396
Publication date:
11/03/2025
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions
Severity CVSS v4.0: HIGH
Last modification:
23/09/2025

CVE-2025-23397
Publication date:
11/03/2025
A vulnerability has been identified in Teamcenter Visualization V14.3 (All versions
Severity CVSS v4.0: HIGH
Last modification:
23/09/2025

CVE-2024-52285
Publication date:
11/03/2025
A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions
Severity CVSS v4.0: MEDIUM
Last modification:
11/03/2025

CVE-2024-56181
Publication date:
11/03/2025
A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions
Severity CVSS v4.0: HIGH
Last modification:
11/11/2025

CVE-2024-56182
Publication date:
11/03/2025
A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions
Severity CVSS v4.0: HIGH
Last modification:
11/11/2025

CVE-2025-1550
Publication date:
11/03/2025
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, to be loaded and executed during model loading.
Severity CVSS v4.0: HIGH
Last modification:
31/07/2025

CVE-2025-27893
Publication date:
11/03/2025
In Archer Platform 6 through 6.14.00202.10024, an authenticated user with record creation privileges can manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request via a GenericContent/Record.aspx?id= URI. NOTE: the Supplier analyzed the reported exploitation steps and found that, although the user can modify the immutable field, upon switching to View mode the field is reverted to its original value, without anything being saved to the database (and consequently there is no impact).
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2025
Subscribe to Vulnerabilities