Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-12106

Publication date:
01/12/2025
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses
Severity CVSS v4.0: Pending analysis
Last modification:
30/12/2025

CVE-2025-27232

Publication date:
01/12/2025
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
Severity CVSS v4.0: MEDIUM
Last modification:
06/02/2026

CVE-2025-58408

Publication date:
01/12/2025
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger reads of stale data that can lead to kernel exceptions and write use-after-free. The Use After Free common weakness enumeration was chosen as the stale data can include handles to resources in which the reference counts can become unbalanced. This can lead to the premature destruction of a resource while in use.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2025

CVE-2025-13296

Publication date:
01/12/2025
Cross-Site Request Forgery (CSRF) vulnerability in Tekrom Technology Inc. T-Soft E-Commerce allows Cross Site Request Forgery. This issue affects T-Soft E-Commerce: through 28112025.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2025

CVE-2025-41070

Publication date:
01/12/2025
Reflected Cross-site Scripting (XSS) vulnerability in Sanoma's Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL in '/students/carpetes_varies.php'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
Severity CVSS v4.0: MEDIUM
Last modification:
01/12/2025

CVE-2025-59789

Publication date:
01/12/2025
Uncontrolled recursion in the json2pb component in Apache bRPC (version
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025

CVE-2025-6349

Publication date:
01/12/2025
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU memory processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r53p0 through r54p1; Arm 5th Gen GPU Architecture Kernel Driver: from r53p0 through r54p1.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025

CVE-2025-8045

Publication date:
01/12/2025
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to gain access to already freed memory. This issue affects Valhall GPU Kernel Driver: from r53p0 through r54p1; Arm 5th Gen GPU Architecture Kernel Driver: from r53p0 through r54p1.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025

CVE-2025-2879

Publication date:
01/12/2025
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to expose sensitive data. This issue affects Valhall GPU Kernel Driver: from r29p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025

CVE-2025-41738

Publication date:
01/12/2025
An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2025

CVE-2025-41739

Publication date:
01/12/2025
An unauthenticated remote attacker, who beats a race condition, can exploit a flaw in the communication servers of the CODESYS Control runtime system on Linux and QNX to trigger an out-of-bounds read via crafted socket communication, potentially causing a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2025

CVE-2025-41700

Publication date:
01/12/2025
An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2025