Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-53105
Publication date:
02/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mm: page_alloc: move mlocked flag clearance into free_pages_prepare()<br /> <br /> Syzbot reported a bad page state problem caused by a page being freed<br /> using free_page() still having a mlocked flag at free_pages_prepare()<br /> stage:<br /> <br /> BUG: Bad page state in process syz.5.504 pfn:61f45<br /> page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61f45<br /> flags: 0xfff00000080204(referenced|workingset|mlocked|node=0|zone=1|lastcpupid=0x7ff)<br /> raw: 00fff00000080204 0000000000000000 dead000000000122 0000000000000000<br /> raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000<br /> page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set<br /> page_owner tracks the page as allocated<br /> page last allocated via order 0, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), pid 8443, tgid 8442 (syz.5.504), ts 201884660643, free_ts 201499827394<br /> set_page_owner include/linux/page_owner.h:32 [inline]<br /> post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1537<br /> prep_new_page mm/page_alloc.c:1545 [inline]<br /> get_page_from_freelist+0x303f/0x3190 mm/page_alloc.c:3457<br /> __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4733<br /> alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265<br /> kvm_coalesced_mmio_init+0x1f/0xf0 virt/kvm/coalesced_mmio.c:99<br /> kvm_create_vm virt/kvm/kvm_main.c:1235 [inline]<br /> kvm_dev_ioctl_create_vm virt/kvm/kvm_main.c:5488 [inline]<br /> kvm_dev_ioctl+0x12dc/0x2240 virt/kvm/kvm_main.c:5530<br /> __do_compat_sys_ioctl fs/ioctl.c:1007 [inline]<br /> __se_compat_sys_ioctl+0x510/0xc90 fs/ioctl.c:950<br /> do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline]<br /> __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386<br /> do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411<br /> entry_SYSENTER_compat_after_hwframe+0x84/0x8e<br /> page last free pid 8399 tgid 8399 stack trace:<br /> reset_page_owner include/linux/page_owner.h:25 [inline]<br /> free_pages_prepare mm/page_alloc.c:1108 [inline]<br /> free_unref_folios+0xf12/0x18d0 mm/page_alloc.c:2686<br /> folios_put_refs+0x76c/0x860 mm/swap.c:1007<br /> free_pages_and_swap_cache+0x5c8/0x690 mm/swap_state.c:335<br /> __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline]<br /> tlb_batch_pages_flush mm/mmu_gather.c:149 [inline]<br /> tlb_flush_mmu_free mm/mmu_gather.c:366 [inline]<br /> tlb_flush_mmu+0x3a3/0x680 mm/mmu_gather.c:373<br /> tlb_finish_mmu+0xd4/0x200 mm/mmu_gather.c:465<br /> exit_mmap+0x496/0xc40 mm/mmap.c:1926<br /> __mmput+0x115/0x390 kernel/fork.c:1348<br /> exit_mm+0x220/0x310 kernel/exit.c:571<br /> do_exit+0x9b2/0x28e0 kernel/exit.c:926<br /> do_group_exit+0x207/0x2c0 kernel/exit.c:1088<br /> __do_sys_exit_group kernel/exit.c:1099 [inline]<br /> __se_sys_exit_group kernel/exit.c:1097 [inline]<br /> __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097<br /> x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232<br /> do_syscall_x64 arch/x86/entry/common.c:52 [inline]<br /> do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> Modules linked in:<br /> CPU: 0 UID: 0 PID: 8442 Comm: syz.5.504 Not tainted 6.12.0-rc6-syzkaller #0<br /> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024<br /> Call Trace:<br /> <br /> __dump_stack lib/dump_stack.c:94 [inline]<br /> dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120<br /> bad_page+0x176/0x1d0 mm/page_alloc.c:501<br /> free_page_is_bad mm/page_alloc.c:918 [inline]<br /> free_pages_prepare mm/page_alloc.c:1100 [inline]<br /> free_unref_page+0xed0/0xf20 mm/page_alloc.c:2638<br /> kvm_destroy_vm virt/kvm/kvm_main.c:1327 [inline]<br /> kvm_put_kvm+0xc75/0x1350 virt/kvm/kvm_main.c:1386<br /> kvm_vcpu_release+0x54/0x60 virt/kvm/kvm_main.c:4143<br /> __fput+0x23f/0x880 fs/file_table.c:431<br /> task_work_run+0x24f/0x310 kernel/task_work.c:239<br /> exit_task_work include/linux/task_work.h:43 [inline]<br /> do_exit+0xa2f/0x28e0 kernel/exit.c:939<br /> do_group_exit+0x207/0x2c0 kernel/exit.c:1088<br /> __do_sys_exit_group kernel/exit.c:1099 [in<br /> ---truncated---
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-53106
Publication date:
02/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ima: fix buffer overrun in ima_eventdigest_init_common<br /> <br /> Function ima_eventdigest_init() calls ima_eventdigest_init_common()<br /> with HASH_ALGO__LAST which is then used to access the array<br /> hash_digest_size[] leading to buffer overrun. Have a conditional<br /> statement to handle this.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-53110
Publication date:
02/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> vp_vdpa: fix id_table array not null terminated error<br /> <br /> Allocate one extra virtio_device_id as null terminator, otherwise<br /> vdpa_mgmtdev_get_classes() may iterate multiple times and visit<br /> undefined memory.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-53112
Publication date:
02/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ocfs2: uncache inode which has failed entering the group<br /> <br /> Syzbot has reported the following BUG:<br /> <br /> kernel BUG at fs/ocfs2/uptodate.c:509!<br /> ...<br /> Call Trace:<br /> <br /> ? __die_body+0x5f/0xb0<br /> ? die+0x9e/0xc0<br /> ? do_trap+0x15a/0x3a0<br /> ? ocfs2_set_new_buffer_uptodate+0x145/0x160<br /> ? do_error_trap+0x1dc/0x2c0<br /> ? ocfs2_set_new_buffer_uptodate+0x145/0x160<br /> ? __pfx_do_error_trap+0x10/0x10<br /> ? handle_invalid_op+0x34/0x40<br /> ? ocfs2_set_new_buffer_uptodate+0x145/0x160<br /> ? exc_invalid_op+0x38/0x50<br /> ? asm_exc_invalid_op+0x1a/0x20<br /> ? ocfs2_set_new_buffer_uptodate+0x2e/0x160<br /> ? ocfs2_set_new_buffer_uptodate+0x144/0x160<br /> ? ocfs2_set_new_buffer_uptodate+0x145/0x160<br /> ocfs2_group_add+0x39f/0x15a0<br /> ? __pfx_ocfs2_group_add+0x10/0x10<br /> ? __pfx_lock_acquire+0x10/0x10<br /> ? mnt_get_write_access+0x68/0x2b0<br /> ? __pfx_lock_release+0x10/0x10<br /> ? rcu_read_lock_any_held+0xb7/0x160<br /> ? __pfx_rcu_read_lock_any_held+0x10/0x10<br /> ? smack_log+0x123/0x540<br /> ? mnt_get_write_access+0x68/0x2b0<br /> ? mnt_get_write_access+0x68/0x2b0<br /> ? mnt_get_write_access+0x226/0x2b0<br /> ocfs2_ioctl+0x65e/0x7d0<br /> ? __pfx_ocfs2_ioctl+0x10/0x10<br /> ? smack_file_ioctl+0x29e/0x3a0<br /> ? __pfx_smack_file_ioctl+0x10/0x10<br /> ? lockdep_hardirqs_on_prepare+0x43d/0x780<br /> ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10<br /> ? __pfx_ocfs2_ioctl+0x10/0x10<br /> __se_sys_ioctl+0xfb/0x170<br /> do_syscall_64+0xf3/0x230<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> ...<br /> <br /> <br /> When &amp;#39;ioctl(OCFS2_IOC_GROUP_ADD, ...)&amp;#39; has failed for the particular<br /> inode in &amp;#39;ocfs2_verify_group_and_input()&amp;#39;, corresponding buffer head<br /> remains cached and subsequent call to the same &amp;#39;ioctl()&amp;#39; for the same<br /> inode issues the BUG() in &amp;#39;ocfs2_set_new_buffer_uptodate()&amp;#39; (trying<br /> to cache the same buffer head of that inode). Fix this by uncaching<br /> the buffer head with &amp;#39;ocfs2_remove_from_cache()&amp;#39; on error path in<br /> &amp;#39;ocfs2_group_add()&amp;#39;.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-52502
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in ImbaSynergy ImbaChat imbachat-widget allows DOM-Based XSS.This issue affects ImbaChat: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2024-52503
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Tailored Media Tailored Tools tailored-tools allows Stored XSS.This issue affects Tailored Tools: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2024-52494
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Matt Varone, Tim Berneman Dynamic "To Top" allows Stored XSS.This issue affects Dynamic "To Top": from 3.5.2 through n/a.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2024

CVE-2024-52486
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in SolverWp Elementor Portfolio Builder portfolio-builder-elementor allows DOM-Based XSS.This issue affects Elementor Portfolio Builder: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2024-52487
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in webcodingplace Ultimate Classified Listings ultimate-classified-listings allows Stored XSS.This issue affects Ultimate Classified Listings: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2024-52489
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in udidol Add Chat App Button add-whatsapp-button allows Stored XSS.This issue affects Add Chat App Button: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2024-52491
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Sanil Shakya Sticky Social Icons sticky-social-icons allows Stored XSS.This issue affects Sticky Social Icons: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026

CVE-2024-52492
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in gopiplus Image horizontal reel scroll slideshow image-horizontal-reel-scroll-slideshow allows Stored XSS.This issue affects Image horizontal reel scroll slideshow: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026
Subscribe to Vulnerabilities