Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-46236

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: rc: xbox_remote: heed DMA restrictions<br /> <br /> The buffer for IO must not be part of the device structure<br /> because that violates the DMA coherency rules.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46235

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> media: saa7164: add ioremap return checks and cleanups<br /> <br /> Add checks for ioremap return values in saa7164_dev_setup(). If<br /> ioremap for BAR0 or BAR2 fails, release the already allocated PCI<br /> memory regions, remove the device from the global list, decrement<br /> the device count, and return -ENODEV.<br /> <br /> This prevents potential null pointer dereferences and ensures proper<br /> cleanup on memory mapping failures.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46234

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> vsock: fix buffer size clamping order<br /> <br /> In vsock_update_buffer_size(), the buffer size was being clamped to the<br /> maximum first, and then to the minimum. If a user sets a minimum buffer<br /> size larger than the maximum, the minimum check overrides the maximum<br /> check, inverting the constraint.<br /> <br /> This breaks the intended socket memory boundaries by allowing the<br /> vsk-&gt;buffer_size to grow beyond the configured vsk-&gt;buffer_max_size.<br /> <br /> Fix this by checking the minimum first, and then the maximum. This<br /> ensures the buffer size never exceeds the buffer_max_size.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46237

Publication date:
28/05/2026
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2026

CVE-2026-4377

Publication date:
28/05/2026
Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number.<br /> <br /> This issue was fixed in version 1.00B16CP.
Severity CVSS v4.0: MEDIUM
Last modification:
28/05/2026

CVE-2026-47074

Publication date:
28/05/2026
Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (ExAws.SNS, ExAws.SNS.PublicKeyCache modules) allows Signature Spoofing by Improper Validation.<br /> <br /> This vulnerability is associated with program files lib/ex_aws/sns.ex, lib/ex_aws/sns/public_key_cache.ex and program routines &amp;#39;Elixir.ExAws.SNS&amp;#39;:verify_message/1, &amp;#39;Elixir.ExAws.SNS.PublicKeyCache&amp;#39;:get/1.<br /> <br /> &amp;#39;Elixir.ExAws.SNS&amp;#39;:verify_message/1 fetches the signing certificate from the SigningCertURL field of the incoming SNS message without validating that the URL uses HTTPS or that the host matches an AWS-owned SNS certificate domain. An unauthenticated attacker who can POST to an endpoint that calls verify_message/1 can supply an attacker-controlled SigningCertURL, sign a forged SNS message with their own key, and cause the function to return :ok, completely bypassing SNS signature verification.<br /> <br /> This issue affects ex_aws_sns: from 2.0.1 before 2.3.5.
Severity CVSS v4.0: HIGH
Last modification:
29/05/2026

CVE-2026-46224

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure<br /> <br /> When drm_gpuvm_resv_object_alloc() fails, the pre-allocated storage bo<br /> is not freed. Add xe_bo_free(storage) before returning the error.<br /> <br /> xe_dma_buf_init_obj() calls xe_bo_init_locked(), which frees the bo on<br /> error. Therefore, xe_dma_buf_init_obj() must also free the bo on its own<br /> error paths. Otherwise, since xe_gem_prime_import() cannot distinguish<br /> whether the failure originated from xe_dma_buf_init_obj() or from<br /> xe_bo_init_locked(), it cannot safely decide whether the bo should be<br /> freed.<br /> <br /> Add comments documenting the ownership semantics: on success, ownership<br /> of storage is transferred to the returned drm_gem_object; on failure,<br /> storage is freed before returning.<br /> <br /> v2: Add comments to explain the free logic.<br /> <br /> (cherry picked from commit 78a6c5f899f22338bbf48b44fb8950409c5a69b9)
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46225

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: rspi: fix controller deregistration<br /> <br /> Make sure to deregister the controller before releasing underlying<br /> resources like DMA during driver unbind.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46226

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> spi: fsl: fix controller deregistration<br /> <br /> Make sure to deregister the controller before releasing underlying<br /> resources like DMA during driver unbind.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46233

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> batman-adv: bla: only purge non-released claims<br /> <br /> When batadv_bla_purge_claims() goes through the list of claims, it is only<br /> traversing the hash list with an rcu_read_lock(). Due to a potential<br /> parallel batadv_claim_put(), it can happen that it encounters a claim which<br /> was actually in the process of being released+freed by<br /> batadv_claim_release(). In this case, backbone_gw is set to NULL before the<br /> delayed RCU kfree is started. Calling batadv_bla_claim_get_backbone_gw() is<br /> then no longer allowed because it would cause a NULL-ptr derefence.<br /> <br /> To avoid this, only claims with a valid reference counter must be purged.<br /> All others are already taken care of.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46232

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> HID: playstation: Clamp num_touch_reports<br /> <br /> A device would never lie about the number of touch reports would it?<br /> <br /> If it does the loop in dualshock4_parse_report will read off the end of<br /> the touch_reports array, up to about 2 KiB for the maximum number of 256<br /> loop iteraions. The data that is read is emitted via evdev if the<br /> DS4_TOUCH_POINT_INACTIVE bit happens to be set. Protect against this by<br /> clamping the num_touch_reports value provided by the device to the<br /> maximum size of the touch_reports array.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46231

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> batman-adv: bla: put backbone reference on failed claim hash insert<br /> <br /> When batadv_bla_add_claim() fails to insert a new claim into the hash, it<br /> leaked a reference to the backbone_gw for which the claim was intended.<br /> Call batadv_backbone_gw_put() on the error path to release the reference<br /> and avoid leaking the backbone_gw object.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026