Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-24788
Publication date:
29/01/2025
snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the same machine. This vulnerability affects versions 2.0.12 through 4.2.0 on Linux and macOS. Snowflake fixed the issue in version 4.3.0.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2025

CVE-2025-24793
Publication date:
29/01/2025
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This vulnerability affects versions 2.2.5 through 3.13.0. Snowflake fixed the issue in version 3.13.1.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2025

CVE-2025-24794
Publication date:
29/01/2025
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialization format, potentially leading to local privilege escalation. This vulnerability affects versions 2.7.12 through 3.13.0. Snowflake fixed the issue in version 3.13.1.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2025

CVE-2025-24795
Publication date:
29/01/2025
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential caching is enabled, the Snowflake Connector for Python will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 2.3.7 through 3.13.0. Snowflake fixed the issue in version 3.13.1.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2025

CVE-2025-24884
Publication date:
29/01/2025
kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16.
Severity CVSS v4.0: MEDIUM
Last modification:
15/04/2026

CVE-2025-0841
Publication date:
29/01/2025
A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Severity CVSS v4.0: MEDIUM
Last modification:
15/04/2026

CVE-2025-0840
Publication date:
29/01/2025
A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.44 is able to address this issue. The identifier of the patch is baac6c221e9d69335bf41366a1c7d87d8ab2f893. It is recommended to upgrade the affected component.
Severity CVSS v4.0: MEDIUM
Last modification:
04/03/2025

CVE-2025-20014
Publication date:
29/01/2025
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with version information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system.
Severity CVSS v4.0: CRITICAL
Last modification:
15/04/2026

CVE-2025-20061
Publication date:
29/01/2025
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system.
Severity CVSS v4.0: CRITICAL
Last modification:
15/04/2026

CVE-2024-10001
Publication date:
29/01/2025
A Code Injection vulnerability was identified in GitHub Enterprise Server that allowed attackers to inject malicious code into the query selector via the identity property in the message handling function. This enabled the exfiltration of sensitive data by manipulating the DOM, including authentication tokens. To execute the attack, the victim must be logged into GitHub and interact with the attacker controlled malicious webpage containing the hidden iframe. This vulnerability occurs due to an improper sequence of validation, where the origin check occurs after accepting the user-controlled identity property. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.11.16, 3.12.10, 3.13.5, 3.14.2, and 3.15.0. This vulnerability was reported via the GitHub Bug Bounty program.
Severity CVSS v4.0: HIGH
Last modification:
05/09/2025

CVE-2024-48849
Publication date:
29/01/2025
Missing Origin Validation in WebSockets vulnerability in FLXEON. Session management was not sufficient to prevent unauthorized HTTPS requests. This issue affects FLXEON: through
Severity CVSS v4.0: HIGH
Last modification:
15/04/2026

CVE-2024-48852
Publication date:
29/01/2025
Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Some information may be improperly disclosed through https access.<br /> <br /> <br /> This issue affects FLXEON through
Severity CVSS v4.0: MEDIUM
Last modification:
15/04/2026
Subscribe to Vulnerabilities