Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-43111
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> HID: roccat: fix use-after-free in roccat_report_event<br /> <br /> roccat_report_event() iterates over the device-&gt;readers list without<br /> holding the readers_lock. This allows a concurrent roccat_release() to<br /> remove and free a reader while it&amp;#39;s still being accessed, leading to a<br /> use-after-free.<br /> <br /> Protect the readers list traversal with the readers_lock mutex.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2026

CVE-2026-43110
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> wifi: brcmfmac: validate bsscfg indices in IF events<br /> <br /> brcmf_fweh_handle_if_event() validates the firmware-provided interface<br /> index before it touches drvr-&gt;iflist[], but it still uses the raw<br /> bsscfgidx field as an array index without a matching range check.<br /> <br /> Reject IF events whose bsscfg index does not fit in drvr-&gt;iflist[]<br /> before indexing the interface array.<br /> <br /> [add missing wifi prefix]
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2026

CVE-2026-43108
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei<br /> <br /> It looks element length declared in servreg_loc_pfr_req_ei for reason<br /> not matching servreg_loc_pfr_req&amp;#39;s reason field due which we could<br /> observe decoding error on PD crash.<br /> <br /> qmi_decode_string_elem: String len 81 &gt;= Max Len 65<br /> <br /> Fix this by matching with servreg_loc_pfr_req&amp;#39;s reason field.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2026

CVE-2026-43107
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xfrm: account XFRMA_IF_ID in aevent size calculation<br /> <br /> xfrm_get_ae() allocates the reply skb with xfrm_aevent_msgsize(), then<br /> build_aevent() appends attributes including XFRMA_IF_ID when x-&gt;if_id is<br /> set.<br /> <br /> xfrm_aevent_msgsize() does not include space for XFRMA_IF_ID. For states<br /> with if_id, build_aevent() can fail with -EMSGSIZE and hit BUG_ON(err
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2026

CVE-2026-43106
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cachefiles: fix incorrect dentry refcount in cachefiles_cull()<br /> <br /> The patch mentioned below changed cachefiles_bury_object() to expect 2<br /> references to the &amp;#39;rep&amp;#39; dentry. Three of the callers were changed to<br /> use start_removing_dentry() which takes an extra reference so in those<br /> cases the call gets the expected references.<br /> <br /> However there is another call to cachefiles_bury_object() in<br /> cachefiles_cull() which did not need to be changed to use<br /> start_removing_dentry() and so was not properly considered.<br /> It still passed the dentry with just one reference so the net result is<br /> that a reference is lost.<br /> <br /> To meet the expectations of cachefiles_bury_object(), cachefiles_cull()<br /> must take an extra reference before the call. It will be dropped by<br /> cachefiles_bury_object().
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2026

CVE-2026-43105
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/vc4: Fix memory leak of BO array in hang state<br /> <br /> The hang state&amp;#39;s BO array is allocated separately with kzalloc() in<br /> vc4_save_hang_state() but never freed in vc4_free_hang_state(). Add the<br /> missing kfree() for the BO array before freeing the hang state struct.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2026

CVE-2026-43109
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> x86: shadow stacks: proper error handling for mmap lock<br /> <br /> 김영민 reports that shstk_pop_sigframe() doesn&amp;#39;t check for errors from<br /> mmap_read_lock_killable(), which is a silly oversight, and also shows<br /> that we haven&amp;#39;t marked those functions with "__must_check", which would<br /> have immediately caught it.<br /> <br /> So let&amp;#39;s fix both issues.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2026

CVE-2026-43096
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mshv: Fix infinite fault loop on permission-denied GPA intercepts<br /> <br /> Prevent infinite fault loops when guests access memory regions without<br /> proper permissions. Currently, mshv_handle_gpa_intercept() attempts to<br /> remap pages for all faults on movable memory regions, regardless of<br /> whether the access type is permitted. When a guest writes to a read-only<br /> region, the remap succeeds but the region remains read-only, causing<br /> immediate re-fault and spinning the vCPU indefinitely.<br /> <br /> Validate intercept access type against region permissions before<br /> attempting remaps. Reject writes to non-writable regions and executes to<br /> non-executable regions early, returning false to let the VMM handle the<br /> intercept appropriately.<br /> <br /> This also closes a potential DoS vector where malicious guests could<br /> intentionally trigger these fault loops to consume host resources.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2026

CVE-2026-43104
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/vc4: Fix a memory leak in hang state error path<br /> <br /> When vc4_save_hang_state() encounters an early return condition, it<br /> returns without freeing the previously allocated `kernel_state`,<br /> leaking memory.<br /> <br /> Add the missing kfree() calls by consolidating the early return paths<br /> into a single place.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2026

CVE-2026-43103
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: lapbether: handle NETDEV_PRE_TYPE_CHANGE<br /> <br /> lapbeth_data_transmit() expects the underlying device type<br /> to be ARPHRD_ETHER.<br /> <br /> Returning NOTIFY_BAD from lapbeth_device_event() makes sure<br /> bonding driver can not break this expectation.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2026

CVE-2026-43102
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: airoha: Fix memory leak in airoha_qdma_rx_process()<br /> <br /> If an error occurs on the subsequents buffers belonging to the<br /> non-linear part of the skb (e.g. due to an error in the payload length<br /> reported by the NIC or if we consumed all the available fragments for<br /> the skb), the page_pool fragment will not be linked to the skb so it will<br /> not return to the pool in the airoha_qdma_rx_process() error path. Fix the<br /> memory leak partially reverting commit &amp;#39;d6d2b0e1538d ("net: airoha: Fix<br /> page recycling in airoha_qdma_rx_process()")&amp;#39; and always running<br /> page_pool_put_full_page routine in the airoha_qdma_rx_process() error<br /> path.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2026

CVE-2026-43101
Publication date:
06/05/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data()<br /> <br /> We need to check __in6_dev_get() for possible NULL value, as<br /> suggested by Yiming Qian.<br /> <br /> Also add skb_dst_dev_rcu() instead of skb_dst_dev(),<br /> and two missing READ_ONCE().<br /> <br /> Note that @dev can&amp;#39;t be NULL.
Severity CVSS v4.0: Pending analysis
Last modification:
11/05/2026
Subscribe to Vulnerabilities