Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-12162
Publication date:
16/06/2026
Improper host validation in the social login autofill feature in <br /> Devolutions Remote Desktop Manager 2026.2.8 allows an attacker to <br /> disclose stored social login credentials via a crafted web entry <br /> pointing to a provider lookalike domain.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-12161
Publication date:
16/06/2026
Improper input validation in the SSH Elevate Shell feature in <br /> Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user<br /> with permission to create or modify a shared SSH entry to execute <br /> arbitrary commands on a remote SSH host using stored elevation <br /> credentials via a crafted alternate username and user interaction with <br /> the Elevate Shell action.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2026

CVE-2026-9262
Publication date:
16/06/2026
Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Severity CVSS v4.0: HIGH
Last modification:
16/06/2026

CVE-2026-9258
Publication date:
16/06/2026
Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Severity CVSS v4.0: HIGH
Last modification:
16/06/2026

CVE-2026-9259
Publication date:
16/06/2026
Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Severity CVSS v4.0: HIGH
Last modification:
16/06/2026

CVE-2026-9260
Publication date:
16/06/2026
Use of hard-coded cryptographic keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Severity CVSS v4.0: MEDIUM
Last modification:
16/06/2026

CVE-2026-9261
Publication date:
16/06/2026
Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier
Severity CVSS v4.0: HIGH
Last modification:
16/06/2026

CVE-2026-53430
Publication date:
15/06/2026
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb.<br /> <br /> This vulnerability is associated with program files lib/grpc/compressor/gzip.ex, lib/grpc/message.ex and program routines &amp;#39;Elixir.GRPC.Compressor.Gzip&amp;#39;:decompress/1, &amp;#39;Elixir.GRPC.Message&amp;#39;:from_data/2.<br /> <br /> &amp;#39;Elixir.GRPC.Compressor.Gzip&amp;#39;:decompress/1 calls :zlib.gunzip/1 directly on attacker-controlled bytes with no decompressed-size limit, ratio check, or incremental decoding. Because this module is the registered gzip GRPC.Compressor implementation, it is invoked automatically whenever an incoming gRPC frame carries the grpc-encoding: gzip header. :zlib.gunzip/1 allocates the entire decompressed result as a single binary, so a small highly compressible payload (for example a few kilobytes of zeros, which gzip compresses at roughly 1000:1) expands to multiple gigabytes inside a single call. The max_receive_message_length limit is enforced only against the already-decompressed message, so it provides no protection. An unauthenticated remote peer can send a single crafted frame to exhaust the BEAM node&amp;#39;s heap and trigger an out-of-memory kill.<br /> <br /> This issue affects grpc: from 0.4.0 before 1.0.0.
Severity CVSS v4.0: HIGH
Last modification:
15/06/2026

CVE-2026-48599
Publication date:
15/06/2026
Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the query string or request body.<br /> <br /> In &amp;#39;Elixir.GRPC.Server.Transcode&amp;#39;:map_request/5 (lib/grpc/server/transcode.ex), all three clauses use Map.merge/2 with path bindings as the first argument, giving them the lowest merge precedence. A request such as GET /users/me/profile?user_id=victim (or a POST with {"user_id": "victim"} when body: "*") yields a decoded protobuf struct where the path-bound field carries the attacker-supplied value rather than the router-extracted value. Any handler that uses the path-bound field for authorization, multi-tenancy scoping, or ownership checks is silently bypassed.<br /> <br /> This issue affects grpc from 0.8.0 before 1.0.0.
Severity CVSS v4.0: HIGH
Last modification:
15/06/2026

CVE-2026-48723
Publication date:
15/06/2026
The browserstack-cypress-cli is BrowserStack&amp;#39;s CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36.4 are vulnerable to OS command injection via the cypress_config_file configuration parameter. In readCypressConfigUtil.js, the loadJsFile() function constructs a shell command by interpolating the user-controlled cypress_config_filepath value into a template literal, then executes it via child_process.execSync(). Shell metacharacters in the config path (specifically " and ;) allow breaking out of the quoted argument and injecting arbitrary commands. This issue has been fixed in version 1.36.6.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2026

CVE-2026-48853
Publication date:
15/06/2026
Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows into a call site that invokes it, achieve remote code execution on the server.<br /> <br /> &amp;#39;Elixir.GRPC.Codec.Erlpack&amp;#39;:decode/2 (lib/grpc/codec/erlpack.ex) calls :erlang.binary_to_term/1 on the raw gRPC message body without the :safe option, no size bound, and no type guard. Any unauthenticated peer that sends a request with Content-Type: application/grpc+erlpack can send a crafted payload that mints arbitrary new atoms (which are never garbage-collected, exhausting the bounded atom table and crashing the VM) or that encodes a fun term which, if applied anywhere downstream, executes attacker-controlled code inside the server process.<br /> <br /> This issue affects grpc from 0.4.0 before 1.0.0.
Severity CVSS v4.0: CRITICAL
Last modification:
15/06/2026

CVE-2026-48854
Publication date:
15/06/2026
Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM&amp;#39;s memory and crash the server by streaming a large or slow-trickle unary request body.<br /> <br /> &amp;#39;Elixir.GRPC.Server.Adapters.Cowboy.Handler&amp;#39;:read_full_body/3 (lib/grpc/server/adapters/cowboy/handler.ex) accumulates every received chunk into a single growing binary with no size cap. Additionally, when the client omits the grpc-timeout header, the per-chunk read timeout resolves to :infinity, allowing a slow-trickle client to keep the connection alive indefinitely while memory grows. A single connection is sufficient to exhaust server memory and crash the node.<br /> <br /> This issue affects grpc from 0.3.1 before 1.0.0.
Severity CVSS v4.0: HIGH
Last modification:
15/06/2026
Subscribe to Vulnerabilities