Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-46717
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net/mlx5e: SHAMPO, Fix incorrect page release<br /> <br /> Under the following conditions:<br /> 1) No skb created yet<br /> 2) header_size == 0 (no SHAMPO header)<br /> 3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the<br /> last page fragment of a SHAMPO header page)<br /> <br /> a new skb is formed with a page that is NOT a SHAMPO header page (it<br /> is a regular data page). Further down in the same function<br /> (mlx5e_handle_rx_cqe_mpwrq_shampo()), a SHAMPO header page from<br /> header_index is released. This is wrong and it leads to SHAMPO header<br /> pages being released more than once.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46719
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: typec: ucsi: Fix null pointer dereference in trace<br /> <br /> ucsi_register_altmode checks IS_ERR for the alt pointer and treats<br /> NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,<br /> ucsi_register_displayport returns NULL which causes a NULL pointer<br /> dereference in trace. Rather than return NULL, call<br /> typec_port_register_altmode to register DisplayPort alternate mode<br /> as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46720
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: fix dereference after null check<br /> <br /> check the pointer hive before use.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46722
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: fix mc_data out-of-bounds read warning<br /> <br /> Clear warning that read mc_data[i-1] may out-of-bounds.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46723
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: fix ucode out-of-bounds read warning<br /> <br /> Clear warning that read ucode[] may out-of-bounds.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46724
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number<br /> <br /> Check the fb_channel_number range to avoid the array out-of-bounds<br /> read error
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46725
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: Fix out-of-bounds write warning<br /> <br /> Check the ring type value to fix the out-of-bounds<br /> write warning
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46726
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Ensure index calculation will not overflow<br /> <br /> [WHY &amp; HOW]<br /> Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will<br /> never overflow and exceess array size.<br /> <br /> This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-41929
Publication date:
18/09/2024
Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2024

CVE-2024-42404
Publication date:
18/09/2024
SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2025

CVE-2024-45366
Publication date:
18/09/2024
Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user&amp;#39;s web browser.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2025

CVE-2024-6641
Publication date:
18/09/2024
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2024
Subscribe to Vulnerabilities