Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-4649
Publication date:
24/03/2026
Apache Artemis before version 2.52.0 is affected by an authentication bypass flaw which allows reading all messages exchanged via the broker and injection of new message ( CVE-2026-27446 https://www.cve.org/CVERecord ). Since KNIME Business Hub uses Apache Artemis it is also affected by the issue. However, since Apache Artemis is not exposed to the outside it requires at least normal user privileges and the ability to execute workflows in an executor. Such a user can install and register a federated mirror without authentication to the original Apache Artemis instance and thereby read all internal messages and inject new messages.<br /> <br /> The issue affects all versions of KNIME Business Hub. A fixed version of Apache Artemis is shipped with versions 1.18.0, 1.17.4, and 1.16.3.<br /> <br /> We recommend updating to a fixed version as soon as possible since no workaround is known.
Severity CVSS v4.0: MEDIUM
Last modification:
24/03/2026

CVE-2026-3509
Publication date:
24/03/2026
An unauthenticated remote attacker may be able to control the format string of messages processed by the Audit Log of the CODESYS Control runtime system, potentially resulting in a denial‑of‑service (DoS) condition.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-32642
Publication date:
24/03/2026
Incorrect Authorization (CWE-863) vulnerability in Apache Artemis, Apache ActiveMQ Artemis exists when an application using the OpenWire protocol attempts to create a non-durable JMS topic subscription on an address that doesn&amp;#39;t exist with an authenticated user which has the "createDurableQueue" permission but does not have the "createAddress" permission and address auto-creation is disabled. In this circumstance, a temporary address will be created whereas the attempt to create the non-durable subscription should instead fail since the user is not authorized to create the corresponding address. When the OpenWire connection is closed the address is removed.<br /> <br /> This issue affects Apache Artemis: from 2.50.0 through 2.52.0; Apache ActiveMQ Artemis: from 2.0.0 through 2.44.0.<br /> <br /> Users are recommended to upgrade to version 2.53.0, which fixes the issue.
Severity CVSS v4.0: LOW
Last modification:
24/03/2026

CVE-2025-41660
Publication date:
24/03/2026
A low-privileged remote attacker may be able to replace the boot application of the CODESYS Control runtime system, enabling unauthorized code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-33852
Publication date:
24/03/2026
Missing Release of Memory after Effective Lifetime vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-4754
Publication date:
24/03/2026
CWE-79 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-4755
Publication date:
24/03/2026
CWE-20 vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-4756
Publication date:
24/03/2026
Out-of-bounds Write vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-4749
Publication date:
24/03/2026
NVD-CWE-noinfo vulnerability in albfan miraclecast.This issue affects miraclecast: before v1.0.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-4750
Publication date:
24/03/2026
Out-of-bounds Read vulnerability in fabiangreffrath woof.This issue affects woof: before woof_15.3.0.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-4751
Publication date:
24/03/2026
NULL Pointer Dereference vulnerability in tmate-io tmate.This issue affects tmate: before 2.4.0.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026

CVE-2026-4752
Publication date:
24/03/2026
Use After Free vulnerability in No-Chicken Echo-Mate.This issue affects Echo-Mate: before V250329.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2026
Subscribe to Vulnerabilities