Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-50783
Publication date:
24/12/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mptcp: use proper req destructor for IPv6<br /> <br /> Before, only the destructor from TCP request sock in IPv4 was called<br /> even if the subflow was IPv6.<br /> <br /> It is important to use the right destructor to avoid memory leaks with<br /> some advanced IPv6 features, e.g. when the request socks contain<br /> specific IPv6 options.
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2025

CVE-2023-28619
Publication date:
24/12/2025
Missing Authorization vulnerability in bnayawpguy Resoto allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Resoto: from n/a through 1.0.8.
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2025

CVE-2023-32120
Publication date:
24/12/2025
Improper Neutralization of Input During Web Page Generation (XSS or &amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Bob Hostel allows DOM-Based XSS.This issue affects Hostel: from n/a through 1.1.5.1.
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2025

CVE-2023-36525
Publication date:
24/12/2025
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in WPJobBoard allows Blind SQL Injection.This issue affects WPJobBoard: from n/a through 5.9.0.
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2025

CVE-2023-40679
Publication date:
24/12/2025
Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Master Addons for Elementor: from n/a through 2.0.5.3.
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2025

CVE-2023-54043
Publication date:
24/12/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommufd: Do not add the same hwpt to the ioas-&gt;hwpt_list twice<br /> <br /> The hwpt is added to the hwpt_list only during its creation, it is never<br /> added again. This hunk is some missed leftover from rework. Adding it<br /> twice will corrupt the linked list in some cases.<br /> <br /> It effects HWPT specific attachment, which is something the test suite<br /> cannot cover until we can create a legitimate struct device with a<br /> non-system iommu "driver" (ie we need the bus removed from the iommu code)
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2025

CVE-2022-50772
Publication date:
24/12/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netdevsim: fix memory leak in nsim_bus_dev_new()<br /> <br /> If device_register() failed in nsim_bus_dev_new(), the value of reference<br /> in nsim_bus_dev-&gt;dev is 1. obj-&gt;name in nsim_bus_dev-&gt;dev will not be<br /> released.<br /> <br /> unreferenced object 0xffff88810352c480 (size 16):<br /> comm "echo", pid 5691, jiffies 4294945921 (age 133.270s)<br /> hex dump (first 16 bytes):<br /> 6e 65 74 64 65 76 73 69 6d 31 00 00 00 00 00 00 netdevsim1......<br /> backtrace:<br /> [] __kmalloc_node_track_caller+0x3a/0xb0<br /> [] kvasprintf+0xc3/0x160<br /> [] kvasprintf_const+0x55/0x180<br /> [] kobject_set_name_vargs+0x56/0x150<br /> [] dev_set_name+0xbb/0xf0<br /> [] device_add+0x1f8/0x1cb0<br /> [] new_device_store+0x3b6/0x5e0<br /> [] bus_attr_store+0x72/0xa0<br /> [] sysfs_kf_write+0x106/0x160<br /> [] kernfs_fop_write_iter+0x3a8/0x5a0<br /> [] vfs_write+0x8f0/0xc80<br /> [] ksys_write+0x106/0x210<br /> [] do_syscall_64+0x35/0x80<br /> [] entry_SYSCALL_64_after_hwframe+0x46/0xb0
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2025

CVE-2022-50773
Publication date:
24/12/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt<br /> <br /> I got a null-ptr-defer error report when I do the following tests<br /> on the qemu platform:<br /> <br /> make defconfig and CONFIG_PARPORT=m, CONFIG_PARPORT_PC=m,<br /> CONFIG_SND_MTS64=m<br /> <br /> Then making test scripts:<br /> cat&gt;test_mod1.sh
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2025

CVE-2022-50774
Publication date:
24/12/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> crypto: qat - fix DMA transfer direction<br /> <br /> When CONFIG_DMA_API_DEBUG is selected, while running the crypto self<br /> test on the QAT crypto algorithms, the function add_dma_entry() reports<br /> a warning similar to the one below, saying that overlapping mappings<br /> are not supported. This occurs in tests where the input and the output<br /> scatter list point to the same buffers (i.e. two different scatter lists<br /> which point to the same chunks of memory).<br /> <br /> The logic that implements the mapping uses the flag DMA_BIDIRECTIONAL<br /> for both the input and the output scatter lists which leads to<br /> overlapped write mappings. These are not supported by the DMA layer.<br /> <br /> Fix by specifying the correct DMA transfer directions when mapping<br /> buffers. For in-place operations where the input scatter list<br /> matches the output scatter list, buffers are mapped once with<br /> DMA_BIDIRECTIONAL, otherwise input buffers are mapped using the flag<br /> DMA_TO_DEVICE and output buffers are mapped with DMA_FROM_DEVICE.<br /> Overlapping a read mapping with a write mapping is a valid case in<br /> dma-coherent devices like QAT.<br /> The function that frees and unmaps the buffers, qat_alg_free_bufl()<br /> has been changed accordingly to the changes to the mapping function.<br /> <br /> DMA-API: 4xxx 0000:06:00.0: cacheline tracking EEXIST, overlapping mappings aren&amp;#39;t supported<br /> WARNING: CPU: 53 PID: 4362 at kernel/dma/debug.c:570 add_dma_entry+0x1e9/0x270<br /> ...<br /> Call Trace:<br /> dma_map_page_attrs+0x82/0x2d0<br /> ? preempt_count_add+0x6a/0xa0<br /> qat_alg_sgl_to_bufl+0x45b/0x990 [intel_qat]<br /> qat_alg_aead_dec+0x71/0x250 [intel_qat]<br /> crypto_aead_decrypt+0x3d/0x70<br /> test_aead_vec_cfg+0x649/0x810<br /> ? number+0x310/0x3a0<br /> ? vsnprintf+0x2a3/0x550<br /> ? scnprintf+0x42/0x70<br /> ? valid_sg_divisions.constprop.0+0x86/0xa0<br /> ? test_aead_vec+0xdf/0x120<br /> test_aead_vec+0xdf/0x120<br /> alg_test_aead+0x185/0x400<br /> alg_test+0x3d8/0x500<br /> ? crypto_acomp_scomp_free_ctx+0x30/0x30<br /> ? __schedule+0x32a/0x12a0<br /> ? ttwu_queue_wakelist+0xbf/0x110<br /> ? _raw_spin_unlock_irqrestore+0x23/0x40<br /> ? try_to_wake_up+0x83/0x570<br /> ? _raw_spin_unlock_irqrestore+0x23/0x40<br /> ? __set_cpus_allowed_ptr_locked+0xea/0x1b0<br /> ? crypto_acomp_scomp_free_ctx+0x30/0x30<br /> cryptomgr_test+0x27/0x50<br /> kthread+0xe6/0x110<br /> ? kthread_complete_and_exit+0x20/0x20<br /> ret_from_fork+0x1f/0x30
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2025

CVE-2022-50775
Publication date:
24/12/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/hns: Fix refcount leak in hns_roce_mmap<br /> <br /> rdma_user_mmap_entry_get_pgoff() takes the reference.<br /> Add missing rdma_user_mmap_entry_put() to release the reference.<br /> <br /> Acked-by Haoyue Xu
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2025

CVE-2022-50776
Publication date:
24/12/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> clk: st: Fix memory leak in st_of_quadfs_setup()<br /> <br /> If st_clk_register_quadfs_pll() fails, @lock should be freed before goto<br /> @err_exit, otherwise will cause meory leak issue, fix it.
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2025

CVE-2022-50777
Publication date:
24/12/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe<br /> <br /> of_phy_find_device() return device node with refcount incremented.<br /> Call put_device() to relese it when not needed anymore.
Severity CVSS v4.0: Pending analysis
Last modification:
24/12/2025
Subscribe to Vulnerabilities