Vulnerabilities

To inform, warn and assist professionals about the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have not yet been translated, as entries are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used with the aim of supporting the exchange of information between different tools and databases.

All vulnerabilities collected are linked to their information sources, as well as to the patches or solutions made available by manufacturers and developers. Advanced searches are possible, since different criteria can be selected to narrow down the results, for example vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2026-48777

Publication date:
16/06/2026
FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversal and the move/copy/rename operates on a path outside the shared directory. The same root-cause pattern was patched for the bulk DELETE endpoint as CVE-2026-44542 (GHSA-fwj3-42wh-8673), but the PATCH handler with the identical pattern was not updated. A public share link with AllowModify=true is sufficient to exploit this. Anyone holding such a link can move, copy, or rename arbitrary files within the share owner's source root. This issue has been fixed in versions 1.3.3-stable and 1.4.2-beta.
Severity CVSS v4.0: CRITICAL
Last modification:
16/06/2026

CVE-2026-47747

Publication date:
16/06/2026
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode handler. The issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by only loading .ckpt checkpoint files from trusted sources and preferring trusted model sources and safer formats such as .safetensors where possible.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-47750

Publication date:
16/06/2026
stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode handler. The issue was caused by missing validation when searching for newline-delimited fields. A crafted .ckpt file without the expected newline could cause the parser to use -1 as a copy length, resulting in immediate heap corruption. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by following these instructions: do not load .ckpt checkpoint files from untrusted sources, and prefer trusted model sources and safer formats such as .safetensors where possible.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-46448

Publication date:
16/06/2026
In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-12425

Publication date:
16/06/2026
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects Employee Access Center: 23.10. It is possible to add in javascript code after the login URL and have it be eval()'d in the page and execute in the context of the user.
Severity CVSS v4.0: MEDIUM
Last modification:
16/06/2026

CVE-2026-22312

Publication date:
16/06/2026
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration and execute some commands (e.g. system reboot).
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-22313

Publication date:
16/06/2026
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-11890

Publication date:
16/06/2026
Improper access control in PAM account discovery results in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve account discovery scan results.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-12105

Publication date:
16/06/2026
Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-12117

Publication date:
16/06/2026
Improper access control in the social login connection endpoint in Devolutions Server 2026.2.5 allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized via a crafted API request.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-0154

Publication date:
16/06/2026
In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-0155

Publication date:
16/06/2026
In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026