Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2026-45251

Publication date:
21/05/2026
A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, this closure may result in the object being freed while the thread remains blocked. In this situation, the kernel must remove the blocked thread from the per-object wait queue prior to freeing the object.

In the case of some file descriptor types, the kernel failed to unlink blocked threads from the object before freeing it. When the blocked thread is subsequently woken, it accesses memory that has already been freed, resulting in a use-after-free vulnerability.

The use-after-free vulnerability may be triggered by an unprivileged local user and can be exploited to obtain superuser privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2026

CVE-2026-45252

Publication date:
21/05/2026
When a fusefs file system implements extended attributes, the kernel may send a FUSE_LISTXATTR message to the userspace daemon to retrieve the list of extended attributes for a given file. The FUSE protocol requires the daemon to return a packed list of NUL-terminated strings. The fusefs kernel module calls strlen() on this daemon-supplied buffer without first verifying that the entire list is NUL-terminated.

If a malicious daemon sends a non-NUL-terminated list, the fusefs kernel module may read beyond the end of one heap-allocated buffer and potentially write beyond the end of a second buffer. A malicious daemon could disclose up to 253 bytes of kernel heap memory, or it could inject up to 250 attacker-controlled bytes into unallocated kernel heap space.
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2026

CVE-2026-45253

Publication date:
21/05/2026
ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges.

The missing validation allows an unprivileged local user to escalate privileges, potentially gaining full control of the affected system.
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2026

CVE-2026-45254

Publication date:
21/05/2026
In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected.

In certain scenarios, an application that had previously restricted a subset of network operations could ask for a new limit that extended the permissions of the process.
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2026

CVE-2026-45255

Publication date:
21/05/2026
When bsdinstall or bsdconfig is prompted to scan for nearby Wi-Fi networks, it builds up a list of network names and uses bsddialog(1) to prompt the user to select a network. This is implemented using a shell script, and the code which handled network names was not careful to prevent expansion by the shell. As a result, a suitably crafted network name can be used to execute commands via a subshell.

The problem can be exploited to execute code as root on the system running bsdinstall or bsdconfig. The attacker would need to create an access point with a specially crafted name and be within range of a Wi-Fi scan. Note that bsdinstall and bsdconfig are vulnerable as soon as the user prompts them to scan for nearby networks; the user does not need to actually select the malicious network.
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2026

CVE-2026-28764

Publication date:
21/05/2026
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2026

CVE-2026-45250

Publication date:
21/05/2026
The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capacity of that buffer, a stack buffer overflow occurs.

Because the bounds check on the supplementary groups list occurs after the kernel stack buffer has already been written, an unprivileged local user may trigger the overflow without holding any special privilege. Successful exploitation may allow an attacker to execute arbitrary code in the context of the kernel, allowing an unprivileged local user to gain elevated privileges on the affected system.
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2026

CVE-2026-4858

Publication date:
21/05/2026
Mattermost versions 11.6.x
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2026

CVE-2026-5433

Publication date:
21/05/2026
Honeywell Control Network Module (CNM) contains a command injection vulnerability in the web interface. An attacker could exploit this vulnerability via command delimiters, potentially resulting in Remote Code Execution (RCE).
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2026

CVE-2026-5434

Publication date:
21/05/2026
Honeywell Control Network Module (CNM) contains insertion of sensitive information into an unintended directory. An attacker could exploit this vulnerability through probing system files, potentially resulting in unintended access to protected data.
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2026

CVE-2026-7837

Publication date:
21/05/2026
A time-of-check time-of-use (TOCTOU) condition in the ad_flush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions.
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2026

CVE-2026-9157

Publication date:
21/05/2026
Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code Inclusion.

This issue affects Web Fax: from 3.0 before 3.1.
Severity CVSS v4.0: HIGH
Last modification:
21/05/2026