Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-53450
Publication date:
01/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext4: remove a BUG_ON in ext4_mb_release_group_pa()<br /> <br /> If a malicious fuzzer overwrites the ext4 superblock while it is<br /> mounted such that the s_first_data_block is set to a very large<br /> number, the calculation of the block group can underflow, and trigger<br /> a BUG_ON check. Change this to be an ext4_warning so that we don&amp;#39;t<br /> crash the kernel.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2026

CVE-2022-50465
Publication date:
01/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ext4: fix leaking uninitialized memory in fast-commit journal<br /> <br /> When space at the end of fast-commit journal blocks is unused, make sure<br /> to zero it out so that uninitialized memory is not leaked to disk.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2026

CVE-2022-50466
Publication date:
01/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> fs/binfmt_elf: Fix memory leak in load_elf_binary()<br /> <br /> There is a memory leak reported by kmemleak:<br /> <br /> unreferenced object 0xffff88817104ef80 (size 224):<br /> comm "xfs_admin", pid 47165, jiffies 4298708825 (age 1333.476s)<br /> hex dump (first 32 bytes):<br /> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................<br /> 60 a8 b3 00 81 88 ff ff a8 10 5a 00 81 88 ff ff `.........Z.....<br /> backtrace:<br /> [] __alloc_file+0x21/0x250<br /> [] alloc_empty_file+0x41/0xf0<br /> [] path_openat+0xea/0x3d30<br /> [] do_filp_open+0x1b9/0x290<br /> [] do_open_execat+0xce/0x5b0<br /> [] open_exec+0x27/0x50<br /> [] load_elf_binary+0x510/0x3ed0<br /> [] bprm_execve+0x599/0x1240<br /> [] do_execveat_common.isra.0+0x4c7/0x680<br /> [] __x64_sys_execve+0x88/0xb0<br /> [] do_syscall_64+0x35/0x80<br /> <br /> If "interp_elf_ex" fails to allocate memory in load_elf_binary(),<br /> the program will take the "out_free_ph" error handing path,<br /> resulting in "interpreter" file resource is not released.<br /> <br /> Fix it by adding an error handing path "out_free_file", which will<br /> release the file resource when "interp_elf_ex" failed to allocate<br /> memory.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2026

CVE-2022-50467
Publication date:
01/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFT_ID<br /> <br /> An error case exit from lpfc_cmpl_ct_cmd_gft_id() results in a call to<br /> lpfc_nlp_put() with a null pointer to a nodelist structure.<br /> <br /> Changed lpfc_cmpl_ct_cmd_gft_id() to initialize nodelist pointer upon<br /> entry.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2026

CVE-2022-50468
Publication date:
01/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init()<br /> <br /> The following WARNING message was given when rmmod cros_usbpd_notify:<br /> <br /> Unexpected driver unregister!<br /> WARNING: CPU: 0 PID: 253 at drivers/base/driver.c:270 driver_unregister+0x8a/0xb0<br /> Modules linked in: cros_usbpd_notify(-)<br /> CPU: 0 PID: 253 Comm: rmmod Not tainted 6.1.0-rc3 #24<br /> ...<br /> Call Trace:<br /> <br /> cros_usbpd_notify_exit+0x11/0x1e [cros_usbpd_notify]<br /> __x64_sys_delete_module+0x3c7/0x570<br /> ? __ia32_sys_delete_module+0x570/0x570<br /> ? lock_is_held_type+0xe3/0x140<br /> ? syscall_enter_from_user_mode+0x17/0x50<br /> ? rcu_read_lock_sched_held+0xa0/0xd0<br /> ? syscall_enter_from_user_mode+0x1c/0x50<br /> do_syscall_64+0x37/0x90<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd<br /> RIP: 0033:0x7f333fe9b1b7<br /> <br /> The reason is that the cros_usbpd_notify_init() does not check the return<br /> value of platform_driver_register(), and the cros_usbpd_notify can<br /> install successfully even if platform_driver_register() failed.<br /> <br /> Fix by checking the return value of platform_driver_register() and<br /> unregister cros_usbpd_notify_plat_driver when it failed.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2026

CVE-2022-50469
Publication date:
01/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> staging: rtl8723bs: fix potential memory leak in rtw_init_drv_sw()<br /> <br /> In rtw_init_drv_sw(), there are various init functions are called to<br /> populate the padapter structure and some checks for their return value.<br /> However, except for the first one error path, the other five error paths<br /> do not properly release the previous allocated resources, which leads to<br /> various memory leaks.<br /> <br /> This patch fixes them and keeps the success and error separate.<br /> Note that these changes keep the form of `rtw_init_drv_sw()` in<br /> "drivers/staging/r8188eu/os_dep/os_intfs.c". As there is no proper device<br /> to test with, no runtime testing was performed.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2026

CVE-2022-50460
Publication date:
01/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cifs: Fix xid leak in cifs_flock()<br /> <br /> If not flock, before return -ENOLCK, should free the xid,<br /> otherwise, the xid will be leaked.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2026

CVE-2022-50461
Publication date:
01/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> net: ethernet: ti: am65-cpsw: Fix PM runtime leakage in am65_cpsw_nuss_ndo_slave_open()<br /> <br /> Ensure pm_runtime_put() is issued in error path.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2026

CVE-2022-50462
Publication date:
01/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> MIPS: vpe-mt: fix possible memory leak while module exiting<br /> <br /> Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device&amp;#39;s<br /> bus_id string array"), the name of device is allocated dynamically,<br /> it need be freed when module exiting, call put_device() to give up<br /> reference, so that it can be freed in kobject_cleanup() when the<br /> refcount hit to 0. The vpe_device is static, so remove kfree() from<br /> vpe_device_release().
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2026

CVE-2022-50463
Publication date:
01/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> powerpc/52xx: Fix a resource leak in an error handling path<br /> <br /> The error handling path of mpc52xx_lpbfifo_probe() has a request_irq()<br /> that is not balanced by a corresponding free_irq().<br /> <br /> Add the missing call, as already done in the remove function.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2026

CVE-2022-50464
Publication date:
01/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2()<br /> <br /> As comment of pci_get_device() says, it returns a pci_device with its<br /> refcount increased. We need to call pci_dev_put() to decrease the<br /> refcount. Save the return value of pci_get_device() and call<br /> pci_dev_put() to decrease the refcount.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2026

CVE-2022-50458
Publication date:
01/10/2025
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> clk: tegra: Fix refcount leak in tegra210_clock_init<br /> <br /> of_find_matching_node() returns a node pointer with refcount<br /> incremented, we should use of_node_put() on it when not need anymore.<br /> Add missing of_node_put() to avoid refcount leak.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2026
Subscribe to Vulnerabilities