Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). By virtue of a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-0145

Publication date:
30/01/2025
Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
20/08/2025

CVE-2025-0146

Publication date:
30/01/2025
Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2025

CVE-2024-10604

Publication date:
30/01/2025
Vulnerabilities in the algorithms used by Fuchsia to populate network protocol header fields, specifically the TCP ISN, TCP timestamp, TCP and UDP source ports, and IPv4/IPv6 fragment ID allow for these values to be guessed under circumstances
Severity CVSS v4.0: MEDIUM
Last modification:
29/07/2025

CVE-2025-0142

Publication date:
30/01/2025
Cleartext storage of sensitive information in the Zoom Jenkins Marketplace plugin before version 1.4 may allow an authenticated user to conduct a disclosure of information via network access.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2025

CVE-2024-10026

Publication date:
30/01/2025
A weak hashing algorithm and small sizes of seeds/secrets in Google's gVisor allowed for a remote attacker to calculate a local IP address and a per-boot identifier that could aid in tracking of a device in certain circumstances.
Severity CVSS v4.0: MEDIUM
Last modification:
31/07/2025

CVE-2024-10603

Publication date:
30/01/2025
Weaknesses in the generation of TCP/UDP source ports and some other header values in Google's gVisor allowed them to be predicted by an external attacker in some circumstances.
Severity CVSS v4.0: MEDIUM
Last modification:
29/07/2025

CVE-2025-24507

Publication date:
30/01/2025
This vulnerability allows appliance compromise at boot time.
Severity CVSS v4.0: HIGH
Last modification:
05/02/2025

CVE-2025-24505

Publication date:
30/01/2025
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file.
Severity CVSS v4.0: HIGH
Last modification:
05/02/2025

CVE-2025-24506

Publication date:
30/01/2025
A specific authentication strategy allows learning the IDs of PAM users associated with certain authentication types.
Severity CVSS v4.0: MEDIUM
Last modification:
05/02/2025

CVE-2025-24504

Publication date:
30/01/2025
Improper input validation in the CSRF filter results in unsanitized user input being written to the application logs.
Severity CVSS v4.0: MEDIUM
Last modification:
05/02/2025

CVE-2025-24503

Publication date:
30/01/2025
A malicious actor can fix the session of a PAM user by tricking the user into clicking on a specially crafted link to the PAM server.
Severity CVSS v4.0: CRITICAL
Last modification:
05/02/2025

CVE-2025-0626

Publication date:
30/01/2025
The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to update the device from the user menu. This could serve as a backdoor to the device, and could lead to a malicious actor being able to upload and overwrite files on the device.
Severity CVSS v4.0: HIGH
Last modification:
01/03/2025