Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-2862
Publication date:
28/03/2025
SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption.
Severity CVSS v4.0: MEDIUM
Last modification:
15/10/2025

CVE-2025-2863
Publication date:
28/03/2025
Cross-site request forgery (CSRF) vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could allow an unauthenticated local attacker to exploit active administrator sessions and perform malicious actions. The malicious actions that can be executed by the attacker depend on the logged-in user, and may include rebooting the device or modifying roles and permissions.
Severity CVSS v4.0: MEDIUM
Last modification:
10/10/2025

CVE-2025-2864
Publication date:
28/03/2025
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).
Severity CVSS v4.0: LOW
Last modification:
10/10/2025

CVE-2025-2865
Publication date:
28/03/2025
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker.
Severity CVSS v4.0: LOW
Last modification:
10/10/2025

CVE-2025-2877
Publication date:
28/03/2025
A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2025

CVE-2025-28219
Publication date:
28/03/2025
Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2025-28220
Publication date:
28/03/2025
Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025

CVE-2025-28221
Publication date:
28/03/2025
Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which allows remote attackers to cause web server crash via parameter time passed to the binary through a POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2025

CVE-2025-2858
Publication date:
28/03/2025
Privilege escalation vulnerability in the saTECH BCU firmware version 2.1.3. An attacker with access to the CLI of the device could make use of the nice command to bypass all restrictions and elevate privileges as a superuser.
Severity CVSS v4.0: HIGH
Last modification:
15/10/2025

CVE-2025-2859
Publication date:
28/03/2025
An attacker with network access, could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileges obtained by the user.
Severity CVSS v4.0: MEDIUM
Last modification:
10/10/2025

CVE-2025-2860
Publication date:
28/03/2025
SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website.
Severity CVSS v4.0: MEDIUM
Last modification:
10/10/2025

CVE-2025-0986
Publication date:
28/03/2025
IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration.
Severity CVSS v4.0: Pending analysis
Last modification:
18/08/2025
Subscribe to Vulnerabilities