Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-63909

Publication date:

03/03/2026

Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files.

Severity CVSS v4.0: Pending analysis

Last modification:

03/03/2026

CVE-2025-63910

Publication date:

03/03/2026

An authenticated arbitrary file upload vulnerability in Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers with Administrator privileges to execute arbitrary code via uploading a crafted patch file.

Severity CVSS v4.0: Pending analysis

Last modification:

03/03/2026

CVE-2025-63911

Publication date:

03/03/2026

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to contain an authenticated command injection vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

03/03/2026

CVE-2025-63912

Publication date:

03/03/2026

Cohesity TranZman Migration Appliance Release 4.0 Build 14614 was discovered to use a weak cryptography algorithm for data encryption, allowing attackers to trivially reverse the encyption and expose credentials.

Severity CVSS v4.0: Pending analysis

Last modification:

03/03/2026

CVE-2021-35486

Publication date:

03/03/2026

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie is validated.

Severity CVSS v4.0: Pending analysis

Last modification:

03/03/2026

CVE-2023-31044

Publication date:

03/03/2026

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may attempt data exfiltration or other malicious activity when automatically executed by the spreadsheet software.

Severity CVSS v4.0: Pending analysis

Last modification:

03/03/2026

CVE-2021-35483

Publication date:

03/03/2026

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload JavaScript files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one. If an authenticated user visits the web page where the file is published, the JavaScript code is executed.

Severity CVSS v4.0: Pending analysis

Last modification:

03/03/2026

CVE-2021-35484

Publication date:

03/03/2026

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic (for the View Campaign page) via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive data from the database and obtain access to the database user, database name, and database version information.

Severity CVSS v4.0: Pending analysis

Last modification:

03/03/2026

CVE-2021-35485

Publication date:

03/03/2026

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to arbitrarily upload server-side executable files via the /ui/rest-proxy/application fileupload parameter. This can occur during the adding of a new application, or during the editing of an existing one.

Severity CVSS v4.0: Pending analysis

Last modification:

03/03/2026

CVE-2026-3136

Publication date:

03/03/2026

An improper authorization vulnerability in GitHub Trigger Comment Control in Google Cloud Build prior to 2026-1-26 allows a remote attacker to execute arbitrary code in the build environment.<br /> <br /> This vulnerability was patched on 26 January 2026, and no customer action is needed.

Severity CVSS v4.0: HIGH

Last modification:

03/03/2026