Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-56089

Publication date:
01/12/2025
An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack and inject fake responses by reviving the birthday attack.
Severity CVSS v4.0: Pending analysis
Last modification:
23/12/2025

CVE-2025-13129

Publication date:
01/12/2025
Improper Enforcement of Behavioral Workflow vulnerability in Seneka Software Hardware Information Technology Trade Contracting and Industry Ltd. Co. Onaylarım allows Functionality Misuse. This issue affects Onaylarım: from 25.09.26.01 through 18112025.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025

CVE-2025-49643

Publication date:
01/12/2025
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.
Severity CVSS v4.0: MEDIUM
Last modification:
06/02/2026

CVE-2025-49642

Publication date:
01/12/2025
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
Severity CVSS v4.0: MEDIUM
Last modification:
01/12/2025

CVE-2025-12106

Publication date:
01/12/2025
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses.
Severity CVSS v4.0: Pending analysis
Last modification:
30/12/2025

CVE-2025-27232

Publication date:
01/12/2025
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
Severity CVSS v4.0: MEDIUM
Last modification:
06/02/2026

CVE-2025-58408

Publication date:
01/12/2025
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in which the reference counts can become unbalanced. This can lead to the premature destruction of a resource while in use.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2025

CVE-2025-13296

Publication date:
01/12/2025
Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery. This issue affects T-Soft E-Commerce: through 28112025.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2025

CVE-2025-41070

Publication date:
01/12/2025
Reflected Cross-site Scripting (XSS) vulnerability in Sanoma's Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL in '/students/carpetes_varies.php'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
Severity CVSS v4.0: MEDIUM
Last modification:
01/12/2025

CVE-2025-59789

Publication date:
01/12/2025
Uncontrolled recursion in the json2pb component in Apache bRPC (version
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025

CVE-2025-6349

Publication date:
01/12/2025
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r53p0 through r54p1; Arm 5th Gen GPU Architecture Kernel Driver: from r53p0 through r54p1.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025

CVE-2025-8045

Publication date:
01/12/2025
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r53p0 through r54p1; Arm 5th Gen GPU Architecture Kernel Driver: from r53p0 through r54p1.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025