Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-43066

Publication date:
05/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths<br /> <br /> During code review, Joseph found that ext4_fc_replay_inode() calls<br /> ext4_get_fc_inode_loc() to get the inode location, which holds a<br /> reference to iloc.bh that must be released via brelse().<br /> <br /> However, several error paths jump to the &amp;#39;out&amp;#39; label without<br /> releasing iloc.bh:<br /> <br /> - ext4_handle_dirty_metadata() failure<br /> - sync_dirty_buffer() failure<br /> - ext4_mark_inode_used() failure<br /> - ext4_iget() failure<br /> <br /> Fix this by introducing an &amp;#39;out_brelse&amp;#39; label placed just before<br /> the existing &amp;#39;out&amp;#39; label to ensure iloc.bh is always released.<br /> <br /> Additionally, make ext4_fc_replay_inode() propagate errors<br /> properly instead of always returning 0.
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2026

CVE-2026-43065

Publication date:
05/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext4: always drain queued discard work in ext4_mb_release()<br /> <br /> While reviewing recent ext4 patch[1], Sashiko raised the following<br /> concern[2]:<br /> <br /> &gt; If the filesystem is initially mounted with the discard option,<br /> &gt; deleting files will populate sbi-&gt;s_discard_list and queue<br /> &gt; s_discard_work. If it is then remounted with nodiscard, the<br /> &gt; EXT4_MOUNT_DISCARD flag is cleared, but the pending s_discard_work is<br /> &gt; neither cancelled nor flushed.<br /> <br /> [1] https://lore.kernel.org/r/20260319094545.19291-1-qiang.zhang@linux.dev/<br /> [2] https://sashiko.dev/#/patchset/20260319094545.19291-1-qiang.zhang%40linux.dev<br /> <br /> The concern was valid, but it had nothing to do with the patch[1].<br /> One of the problems with Sashiko in its current (early) form is that<br /> it will detect pre-existing issues and report it as a problem with the<br /> patch that it is reviewing.<br /> <br /> In practice, it would be hard to hit deliberately (unless you are a<br /> malicious syzkaller fuzzer), since it would involve mounting the file<br /> system with -o discard, and then deleting a large number of files,<br /> remounting the file system with -o nodiscard, and then immediately<br /> unmounting the file system before the queued discard work has a change<br /> to drain on its own.<br /> <br /> Fix it because it&amp;#39;s a real bug, and to avoid Sashiko from raising this<br /> concern when analyzing future patches to mballoc.c.
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2026

CVE-2026-43063

Publication date:
05/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xfs: don&amp;#39;t irele after failing to iget in xfs_attri_recover_work<br /> <br /> xlog_recovery_iget* never set @ip to a valid pointer if they return<br /> an error, so this irele will walk off a dangling pointer. Fix that.
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2026

CVE-2026-43062

Publication date:
05/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp()<br /> <br /> l2cap_ecred_reconf_rsp() casts the incoming data to struct<br /> l2cap_ecred_conn_rsp (the ECRED *connection* response, 8 bytes with<br /> result at offset 6) instead of struct l2cap_ecred_reconf_rsp (2 bytes<br /> with result at offset 0).<br /> <br /> This causes two problems:<br /> <br /> - The sizeof(*rsp) length check requires 8 bytes instead of the<br /> correct 2, so valid L2CAP_ECRED_RECONF_RSP packets are rejected<br /> with -EPROTO.<br /> <br /> - rsp-&gt;result reads from offset 6 instead of offset 0, returning<br /> wrong data when the packet is large enough to pass the check.<br /> <br /> Fix by using the correct type. Also pass the already byte-swapped<br /> result variable to BT_DBG instead of the raw __le16 field.
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2026

CVE-2026-43061

Publication date:
05/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> serial: 8250: Fix TX deadlock when using DMA<br /> <br /> `dmaengine_terminate_async` does not guarantee that the<br /> `__dma_tx_complete` callback will run. The callback is currently the<br /> only place where `dma-&gt;tx_running` gets cleared. If the transaction is<br /> canceled and the callback never runs, then `dma-&gt;tx_running` will never<br /> get cleared and we will never schedule new TX DMA transactions again.<br /> <br /> This change makes it so we clear `dma-&gt;tx_running` after we terminate<br /> the DMA transaction. This is "safe" because `serial8250_tx_dma_flush`<br /> is holding the UART port lock. The first thing the callback does is also<br /> grab the UART port lock, so access to `dma-&gt;tx_running` is serialized.
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2026

CVE-2026-43064

Publication date:
05/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> dmaengine: idxd: Fix not releasing workqueue on .release()<br /> <br /> The workqueue associated with an DSA/IAA device is not released when<br /> the object is freed.
Severity CVSS v4.0: Pending analysis
Last modification:
19/06/2026

CVE-2026-43059

Publication date:
05/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers<br /> <br /> Commit 302a1f674c00 ("Bluetooth: MGMT: Fix possible UAFs") introduced<br /> mgmt_pending_valid(), which not only validates the pending command but<br /> also unlinks it from the pending list if it is valid. This change in<br /> semantics requires updates to several completion handlers to avoid list<br /> corruption and memory safety issues.<br /> <br /> This patch addresses two left-over issues from the aforementioned rework:<br /> <br /> 1. In mgmt_add_adv_patterns_monitor_complete(), mgmt_pending_remove()<br /> is replaced with mgmt_pending_free() in the success path. Since<br /> mgmt_pending_valid() already unlinks the command at the beginning of<br /> the function, calling mgmt_pending_remove() leads to a double list_del()<br /> and subsequent list corruption/kernel panic.<br /> <br /> 2. In set_mesh_complete(), the use of mgmt_pending_foreach() in the error<br /> path is removed. Since the current command is already unlinked by<br /> mgmt_pending_valid(), this foreach loop would incorrectly target other<br /> pending mesh commands, potentially freeing them while they are still being<br /> processed concurrently (leading to UAFs). The redundant mgmt_cmd_status()<br /> is also simplified to use cmd-&gt;opcode directly.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-35192

Publication date:
05/05/2026
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.<br /> Response headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacker can steal a user&amp;#39;s session after that user visits a cached public page.<br /> Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected.<br /> Django would like to thank Cantina for reporting this issue.
Severity CVSS v4.0: LOW
Last modification:
07/05/2026

CVE-2026-39103

Publication date:
05/05/2026
Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_strings(), gf_svg_parse_attribute()
Severity CVSS v4.0: Pending analysis
Last modification:
29/05/2026

CVE-2026-34000

Publication date:
05/05/2026
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server, either locally or remotely, can exploit this without user interaction. This could lead to the disclosure of memory contents or cause a denial of service by crashing the server.
Severity CVSS v4.0: Pending analysis
Last modification:
08/06/2026

CVE-2026-34002

Publication date:
05/05/2026
A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory boundaries. This can lead to the exposure of sensitive information or cause the server to crash, resulting in a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
08/06/2026

CVE-2026-31195

Publication date:
05/05/2026
OS command injection vulnerability in the ping diagnostic handler in /bin/httpd_clientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using shell command substitution.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2026