Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-6086

Publication date:
18/06/2025
The CSV Me plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'csv_me_options_page' function in all versions up to, and including, 2.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-38076

Publication date:
18/06/2025
In the Linux kernel, the following vulnerability has been resolved:

alloc_tag: allocate percpu counters for module tags dynamically

When a module gets unloaded it checks whether any of its tags are still in use and if so, we keep the memory containing module's allocation tags alive until all tags are unused. However percpu counters referenced by the tags are freed by free_module(). This will lead to UAF if the memory allocated by a module is accessed after module was unloaded.

To fix this we allocate percpu counters for module allocation tags dynamically and we keep it alive for tags which are still in use after module unloading. This also removes the requirement of a larger PERCPU_MODULE_RESERVE when memory allocation profiling is enabled because percpu memory for counters does not need to be reserved anymore.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2025

CVE-2025-38080

Publication date:
18/06/2025
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Increase block_sequence array size

[Why]
It's possible to generate more than 50 steps in hwss_build_fast_sequence, for example with a 6-pipe asic where all pipes are in one MPC chain. This overflows the block_sequence buffer and corrupts block_sequence_steps, causing a crash.

[How]
Expand block_sequence to 100 items. A naive upper bound on the possible number of steps for a 6-pipe asic, ignoring the potential for steps to be mutually exclusive, is 91 with current code, therefore 100 is sufficient.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2025

CVE-2025-38081

Publication date:
18/06/2025
In the Linux kernel, the following vulnerability has been resolved:

spi-rockchip: Fix register out of bounds access

Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2025

CVE-2025-38082

Publication date:
18/06/2025
In the Linux kernel, the following vulnerability has been resolved:

gpio: virtuser: fix potential out-of-bound write

If the caller wrote more characters, count is truncated to the max available space in "simple_write_to_buffer". Check that the input size does not exceed the buffer size. Write a zero termination afterwards.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2025

CVE-2025-38079

Publication date:
18/06/2025
In the Linux kernel, the following vulnerability has been resolved:

crypto: algif_hash - fix double free in hash_accept

If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_release, leading to slab-use-after-free error.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2025

CVE-2025-38078

Publication date:
18/06/2025
In the Linux kernel, the following vulnerability has been resolved:

ALSA: pcm: Fix race of buffer access at PCM OSS layer

The PCM OSS layer tries to clear the buffer with the silence data at initialization (or reconfiguration) of a stream with the explicit call of snd_pcm_format_set_silence() with runtime->dma_area. But this may lead to a UAF because the accessed runtime->dma_area might be freed concurrently, as it's performed outside the PCM ops.

For avoiding it, move the code into the PCM core and perform it inside the buffer access lock, so that it won't be changed during the operation.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2025

CVE-2025-38077

Publication date:
18/06/2025
In the Linux kernel, the following vulnerability has been resolved:

platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()

If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array element with index 'length - 1' will result in a buffer overflow.

Add a check for an empty string.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2025

CVE-2025-38070

Publication date:
18/06/2025
In the Linux kernel, the following vulnerability has been resolved:

ASoC: sma1307: Add NULL check in sma1307_setting_loaded()

All variables allocated by kzalloc and devm_kzalloc could be NULL. Multiple pointer checks and their cleanup are added.

This issue is found by our static analysis tool
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2025

CVE-2025-38069

Publication date:
18/06/2025
In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: pci-epf-test: Fix double free that causes kernel to oops

Fix a kernel oops found while testing the stm32_pcie Endpoint driver with handling of PERST# deassertion:

During EP initialization, pci_epf_test_alloc_space() allocates all BARs, which are further freed if epc_set_bar() fails (for instance, due to no free inbound window).

However, when pci_epc_set_bar() fails, the error path:

pci_epc_set_bar() ->
pci_epf_free_space()

does not clear the previous assignment to epf_test->reg[bar].

Then, if the host reboots, the PERST# deassertion restarts the BAR allocation sequence with the same allocation failure (no free inbound window), creating a double free situation since epf_test->reg[bar] was deallocated and is still non-NULL.

Thus, make sure that pci_epf_alloc_space() and pci_epf_free_space() invocations are symmetric, and as such, set epf_test->reg[bar] to NULL when memory is freed.

[kwilczynski: commit log]
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2025

CVE-2025-38073

Publication date:
18/06/2025
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
02/01/2026

CVE-2025-38075

Publication date:
18/06/2025
In the Linux kernel, the following vulnerability has been resolved:

scsi: target: iscsi: Fix timeout on deleted connection

NOPIN response timer may expire on a deleted connection and crash with such logs:

Did not receive response to NOPIN on CID: 0, failing connection for I_T Nexus (null),i,0x00023d000125,iqn.2017-01.com.iscsi.target,t,0x3d

BUG: Kernel NULL pointer dereference on read at 0x00000000
NIP strlcpy+0x8/0xb0
LR iscsit_fill_cxn_timeout_err_stats+0x5c/0xc0 [iscsi_target_mod]
Call Trace:
iscsit_handle_nopin_response_timeout+0xfc/0x120 [iscsi_target_mod]
call_timer_fn+0x58/0x1f0
run_timer_softirq+0x740/0x860
__do_softirq+0x16c/0x420
irq_exit+0x188/0x1c0
timer_interrupt+0x184/0x410

That is because nopin response timer may be re-started on nopin timer expiration.

Stop nopin timer before stopping the nopin response timer to be sure that no one of them will be re-started.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2025