Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-7304
Publication date:
18/05/2026
SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation.
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2026

CVE-2026-0983
Publication date:
18/05/2026
Denial-of-service condition in M-Files Server versions before 26.5.16015.0, before 26.2 LTS, and before 25.8 LTS SR3 allows an authenticated user to cause the MFserver process to crash
Severity CVSS v4.0: HIGH
Last modification:
18/05/2026

CVE-2026-8802
Publication date:
18/05/2026
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argument pic_filename results in path traversal. The attack may be launched remotely. The patch is identified as def0c27a0e252668df8d942fc31e16d1edfd7323. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure.
Severity CVSS v4.0: MEDIUM
Last modification:
18/05/2026

CVE-2026-4320
Publication date:
18/05/2026
Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process, causing the script to continue running and enabling privilege escalation without the need for credentials.
Severity CVSS v4.0: CRITICAL
Last modification:
18/05/2026

CVE-2026-41119
Publication date:
18/05/2026
Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to loss of confidentiality and integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2026

CVE-2026-7498
Publication date:
18/05/2026
Improper neutralization of input during web page generation (&amp;#39;cross-site scripting&amp;#39;) vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS.<br /> <br /> This issue affects DernekWeb: through 30122025.
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2026

CVE-2026-6347
Publication date:
18/05/2026
Mattermost versions 11.5.x
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2026

CVE-2026-6346
Publication date:
18/05/2026
Mattermost versions 11.5.x
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2026

CVE-2026-6902
Publication date:
18/05/2026
A vulnerability in Command-Line Client in P4 Server prior to the 2025.2 Patch 2, identified as CVE-2026-6902, has been fixed in P4 Server to address potential security risks.
Severity CVSS v4.0: HIGH
Last modification:
18/05/2026

CVE-2026-4643
Publication date:
18/05/2026
Mattermost Desktop App versions
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2026

CVE-2026-6333
Publication date:
18/05/2026
Mattermost versions 11.5.x
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2026

CVE-2026-6345
Publication date:
18/05/2026
Mattermost versions 11.5.x
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2026
Subscribe to Vulnerabilities