Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-29936

Publication date:
15/05/2026
Improper input validation within the AMD Platform Management Framework (PMF) could allow an attacker to unmap arbitrary memory pages potentially impacting integrity and availability, or allowing privilege escalation resulting in loss of confidentiality.
Severity CVSS v4.0: HIGH
Last modification:
15/05/2026

CVE-2025-29937

Publication date:
15/05/2026
An out of bounds read within the AMD Platform Management Framework (PMF) could allow an attacker to trigger a read of an arbitrary memory location potentially resulting in loss of availability or confidentiality.
Severity CVSS v4.0: MEDIUM
Last modification:
15/05/2026

CVE-2025-29938

Publication date:
15/05/2026
An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution.
Severity CVSS v4.0: HIGH
Last modification:
15/05/2026

CVE-2025-29944

Publication date:
15/05/2026
A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potentially resulting in denial of service or crash
Severity CVSS v4.0: MEDIUM
Last modification:
15/05/2026

CVE-2021-26380

Publication date:
15/05/2026
A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity.
Severity CVSS v4.0: LOW
Last modification:
15/05/2026

CVE-2022-23826

Publication date:
15/05/2026
A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity.
Severity CVSS v4.0: LOW
Last modification:
15/05/2026

CVE-2023-31309

Publication date:
15/05/2026
Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability.
Severity CVSS v4.0: MEDIUM
Last modification:
15/05/2026

CVE-2023-31316

Publication date:
15/05/2026
Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability.
Severity CVSS v4.0: HIGH
Last modification:
15/05/2026

CVE-2023-31317

Publication date:
15/05/2026
Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution.
Severity CVSS v4.0: HIGH
Last modification:
15/05/2026

CVE-2024-21962

Publication date:
15/05/2026
Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution.
Severity CVSS v4.0: HIGH
Last modification:
15/05/2026

CVE-2024-36332

Publication date:
15/05/2026
Improper isolation of GPU HW register space could allow a privileged attacker in malicious Guest Virtual Machine (VM) to perform unauthorized access to specific victim range of GPU MMIO register space, potentially causing the host OS to reboot and creating a Denial of Service (DOS) condition.
Severity CVSS v4.0: MEDIUM
Last modification:
15/05/2026

CVE-2026-8612

Publication date:
15/05/2026
WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution.<br /> <br /> With no explicit cache backend, WWW::Mechanize::Cached constructs a default Cache::FileCache under /tmp/FileCache without overriding the backend&amp;#39;s documented directory_umask of 000, so the cache root and its subdirectories are created mode 0777 with no sticky bit. Cache entries are named by sha1_hex of the request and read back through Storable::thaw on the next cache hit.<br /> <br /> A local attacker with write access to the cache tree can replace a victim&amp;#39;s cache entry for a known URL with an arbitrary frozen HTTP::Response blob, causing the victim&amp;#39;s next get() of that URL to return attacker controlled response bytes. Because the bytes are passed to Storable::thaw, a victim process that has loaded any class with a side-effectful STORABLE_thaw, DESTROY, or overload hook can be escalated to arbitrary code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2026