Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-10925
Publication date:
03/03/2025
A vulnerability in GitLab-EE affecting all versions from 16.2 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1 allows a Guest user to read Security policy YAML
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2025

CVE-2024-8186
Publication date:
03/03/2025
An issue has been discovered in GitLab CE/EE affecting all versions from 16.6 before 17.7.6, 17.8 before 17.8.4, and 17.9 before 17.9.1. An attacker could inject HMTL into the child item search potentially leading to XSS in certain situations.
Severity CVSS v4.0: Pending analysis
Last modification:
03/03/2025

CVE-2025-1859
Publication date:
03/03/2025
A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. This issue affects some unknown processing of the file /login.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
03/03/2025

CVE-2025-1864
Publication date:
03/03/2025
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before
Severity CVSS v4.0: CRITICAL
Last modification:
01/07/2025

CVE-2025-1866
Publication date:
03/03/2025
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform.<br /> <br /> By default, the affected code is not executed unless one of the following conditions is met:<br /> <br /> LWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake.<br /> LWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake.<br /> Despite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior.
Severity CVSS v4.0: CRITICAL
Last modification:
15/04/2026

CVE-2025-1867
Publication date:
03/03/2025
Inconsistent Interpretation of HTTP Requests (&amp;#39;HTTP Request/Response Smuggling&amp;#39;) vulnerability in ithewei libhv allows HTTP Response Smuggling.This issue affects libhv: through 1.3.3.
Severity CVSS v4.0: CRITICAL
Last modification:
15/04/2026

CVE-2025-24846
Publication date:
03/03/2025
Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted request.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-25280
Publication date:
03/03/2025
Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-24654
Publication date:
03/03/2025
Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO squirrly-seo.This issue affects SEO Plugin by Squirrly SEO: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2026

CVE-2025-1858
Publication date:
03/03/2025
A vulnerability classified as critical was found in Codezips Online Shopping Website 1.0. This vulnerability affects unknown code of the file /success.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
24/06/2025

CVE-2025-1856
Publication date:
03/03/2025
A vulnerability was found in Codezips Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/gen_invoice.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
24/06/2025

CVE-2025-1857
Publication date:
03/03/2025
A vulnerability classified as critical has been found in PHPGurukul Nipah Virus Testing Management System 1.0. This affects an unknown part of the file /check_availability.php. The manipulation of the argument employeeid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
24/06/2025
Subscribe to Vulnerabilities