Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-59609
Publication date:
01/06/2026
Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length.
Severity CVSS v4.0: Pending analysis
Last modification:
01/06/2026

CVE-2025-59614
Publication date:
01/06/2026
Memory Corruption when sending random number generator command with insufficient output buffer size.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2026

CVE-2025-59613
Publication date:
01/06/2026
Memory Corruption when output buffer size is smaller than input buffer size during data copying operation.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2026

CVE-2025-59612
Publication date:
01/06/2026
Memory corruption in windows drivers while sending incorrect trusted application request
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2026

CVE-2025-59611
Publication date:
01/06/2026
Memory corruption in diagnostic services due to absence of input validation
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2026

CVE-2025-59610
Publication date:
01/06/2026
Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2026

CVE-2025-59601
Publication date:
01/06/2026
Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration.
Severity CVSS v4.0: Pending analysis
Last modification:
01/06/2026

CVE-2025-59604
Publication date:
01/06/2026
Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer.
Severity CVSS v4.0: Pending analysis
Last modification:
01/06/2026

CVE-2025-59605
Publication date:
01/06/2026
Memory Corruption when processing device identifier strings that exceed the expected maximum length.
Severity CVSS v4.0: Pending analysis
Last modification:
01/06/2026

CVE-2025-59606
Publication date:
01/06/2026
Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization.
Severity CVSS v4.0: Pending analysis
Last modification:
01/06/2026

CVE-2019-25718
Publication date:
01/06/2026
Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the device to display incorrect or no information from the connected Delta Family patient monitor.
Severity CVSS v4.0: HIGH
Last modification:
02/06/2026

CVE-2026-28580
Publication date:
01/06/2026
In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2026
Subscribe to Vulnerabilities