Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-57849

Publication date:
13/03/2026
A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2025-60012

Publication date:
13/03/2026
Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to files they do not have permissions to. For the vulnerability to be exploitable, the user needs to have access to Apache Livy's REST or JDBC interface and be able to send requests with arbitrary Spark configuration values. Users are recommended to upgrade to version 0.9.0 or later, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2025-66249

Publication date:
13/03/2026
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value "livy.file.local-dir-whitelist" is set to a non-default value, the directory checking can be bypassed. Users are recommended to upgrade to version 0.9.0, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2025-14504

Publication date:
13/03/2026
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2025-14811

Publication date:
13/03/2026
IBM Sterling Partner Engagement Manager 6.2.3.0 through 6.2.3.5 and 6.2.4.0 through 6.2.4.2 could allow an attacker to obtain sensitive information from the query string of an HTTP GET method to process a request which could be obtained using man in the middle techniques.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2025-15515

Publication date:
13/03/2026
The authentication mechanism for a specific feature in the EasyShare module contains a vulnerability. If specific conditions are met on a local network, it can cause data leakage.
Severity CVSS v4.0: MEDIUM
Last modification:
13/03/2026

CVE-2025-36368

Publication date:
13/03/2026
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, and 6.2.1.0 through 6.2.1.1_1 are vulnerable to SQL injection. An administrative user could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2025-13777

Publication date:
13/03/2026
Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
Severity CVSS v4.0: HIGH
Last modification:
13/03/2026

CVE-2025-13778

Publication date:
13/03/2026
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
Severity CVSS v4.0: HIGH
Last modification:
13/03/2026

CVE-2025-13779

Publication date:
13/03/2026
Missing authentication for critical function vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1.
Severity CVSS v4.0: HIGH
Last modification:
13/03/2026

CVE-2025-14483

Publication date:
13/03/2026
IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.7_2, 6.2.0.0 through 6.2.0.5_1, 6.2.1.0 through 6.2.1.1_1, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026

CVE-2025-13337

Publication date:
13/03/2026
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2026