Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-56099

Publication date:

11/12/2025

OS Command Injection vulnerability in Ruijie RG-YST AP_3.0(1)B11P280YST250F allowing attackers to execute arbitrary commands via a crafted POST request to the pwdmodify in file /usr/lib/lua/luci/modules/common.lua.

Severity CVSS v4.0: Pending analysis

Last modification:

12/12/2025

CVE-2025-56097

Publication date:

11/12/2025

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226_EW1800GX-PRO_10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.

Severity CVSS v4.0: Pending analysis

Last modification:

27/01/2026

CVE-2025-56095

Publication date:

11/12/2025

OS Command Injection vulnerability in Ruijie RG-EW1200G PRO RG-EW1200G PRO V1.00/V2.00/V3.00/V4.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_sta/nbr_cwmp.lua.

Severity CVSS v4.0: Pending analysis

Last modification:

27/01/2026

CVE-2025-56094

Publication date:

11/12/2025

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/host_access_delay.lua.

Severity CVSS v4.0: Pending analysis

Last modification:

27/01/2026

CVE-2025-56093

Publication date:

11/12/2025

OS Command Injection vulnerability in Ruijie X30-PRO X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the setWisp in file /usr/lib/lua/luci/modules/wireless.lua.

Severity CVSS v4.0: Pending analysis

Last modification:

27/01/2026

CVE-2025-56098

Publication date:

11/12/2025

Severity CVSS v4.0: Pending analysis

Last modification:

27/01/2026

CVE-2025-56101

Publication date:

11/12/2025

OS Command Injection vulnerability in Ruijie M18 EW_3.0(1)B11P226_M18_10223116 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

Severity CVSS v4.0: Pending analysis

Last modification:

27/01/2026

CVE-2025-56092

Publication date:

11/12/2025

OS Command Injection vulnerability in Ruijie X30 PRO V1 X30-PRO-V1_09241521 allowing attackers to execute arbitrary commands via a crafted POST request to the module_get in file /usr/local/lua/dev_sta/networkConnect.lua.

Severity CVSS v4.0: Pending analysis

Last modification:

29/01/2026

CVE-2025-14534

Publication date:

11/12/2025

A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Severity CVSS v4.0: HIGH

Last modification:

07/01/2026

CVE-2025-14281

Publication date:

11/12/2025

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-13977. Reason: This candidate is a reservation duplicate of CVE-2025-13977. Notes: All CVE users should reference CVE-2025-13977 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity CVSS v4.0: Pending analysis

Last modification:

11/12/2025

CVE-2025-14531

Publication date:

11/12/2025

A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in crlf injection. The attack can be initiated remotely. The exploit has been made public and could be used.

Severity CVSS v4.0: MEDIUM

Last modification:

16/12/2025

CVE-2025-13780

Publication date:

11/12/2025

pgAdmin versions up to 9.10 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.

Severity CVSS v4.0: Pending analysis

Last modification:

19/12/2025

Subscribe to Vulnerabilities