Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-53106
Publication date:
02/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ima: fix buffer overrun in ima_eventdigest_init_common<br /> <br /> Function ima_eventdigest_init() calls ima_eventdigest_init_common()<br /> with HASH_ALGO__LAST which is then used to access the array<br /> hash_digest_size[] leading to buffer overrun. Have a conditional<br /> statement to handle this.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-53110
Publication date:
02/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> vp_vdpa: fix id_table array not null terminated error<br /> <br /> Allocate one extra virtio_device_id as null terminator, otherwise<br /> vdpa_mgmtdev_get_classes() may iterate multiple times and visit<br /> undefined memory.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-53112
Publication date:
02/12/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ocfs2: uncache inode which has failed entering the group<br /> <br /> Syzbot has reported the following BUG:<br /> <br /> kernel BUG at fs/ocfs2/uptodate.c:509!<br /> ...<br /> Call Trace:<br /> <br /> ? __die_body+0x5f/0xb0<br /> ? die+0x9e/0xc0<br /> ? do_trap+0x15a/0x3a0<br /> ? ocfs2_set_new_buffer_uptodate+0x145/0x160<br /> ? do_error_trap+0x1dc/0x2c0<br /> ? ocfs2_set_new_buffer_uptodate+0x145/0x160<br /> ? __pfx_do_error_trap+0x10/0x10<br /> ? handle_invalid_op+0x34/0x40<br /> ? ocfs2_set_new_buffer_uptodate+0x145/0x160<br /> ? exc_invalid_op+0x38/0x50<br /> ? asm_exc_invalid_op+0x1a/0x20<br /> ? ocfs2_set_new_buffer_uptodate+0x2e/0x160<br /> ? ocfs2_set_new_buffer_uptodate+0x144/0x160<br /> ? ocfs2_set_new_buffer_uptodate+0x145/0x160<br /> ocfs2_group_add+0x39f/0x15a0<br /> ? __pfx_ocfs2_group_add+0x10/0x10<br /> ? __pfx_lock_acquire+0x10/0x10<br /> ? mnt_get_write_access+0x68/0x2b0<br /> ? __pfx_lock_release+0x10/0x10<br /> ? rcu_read_lock_any_held+0xb7/0x160<br /> ? __pfx_rcu_read_lock_any_held+0x10/0x10<br /> ? smack_log+0x123/0x540<br /> ? mnt_get_write_access+0x68/0x2b0<br /> ? mnt_get_write_access+0x68/0x2b0<br /> ? mnt_get_write_access+0x226/0x2b0<br /> ocfs2_ioctl+0x65e/0x7d0<br /> ? __pfx_ocfs2_ioctl+0x10/0x10<br /> ? smack_file_ioctl+0x29e/0x3a0<br /> ? __pfx_smack_file_ioctl+0x10/0x10<br /> ? lockdep_hardirqs_on_prepare+0x43d/0x780<br /> ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10<br /> ? __pfx_ocfs2_ioctl+0x10/0x10<br /> __se_sys_ioctl+0xfb/0x170<br /> do_syscall_64+0xf3/0x230<br /> entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> ...<br /> <br /> <br /> When &amp;#39;ioctl(OCFS2_IOC_GROUP_ADD, ...)&amp;#39; has failed for the particular<br /> inode in &amp;#39;ocfs2_verify_group_and_input()&amp;#39;, corresponding buffer head<br /> remains cached and subsequent call to the same &amp;#39;ioctl()&amp;#39; for the same<br /> inode issues the BUG() in &amp;#39;ocfs2_set_new_buffer_uptodate()&amp;#39; (trying<br /> to cache the same buffer head of that inode). Fix this by uncaching<br /> the buffer head with &amp;#39;ocfs2_remove_from_cache()&amp;#39; on error path in<br /> &amp;#39;ocfs2_group_add()&amp;#39;.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-52486
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in SolverWP Elementor Portfolio Builder allows DOM-Based XSS.This issue affects Elementor Portfolio Builder: from n/a through 1.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2024

CVE-2024-52487
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in WebCodingPlace Ultimate Classified Listings allows Stored XSS.This issue affects Ultimate Classified Listings: from n/a through 1.4.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2024

CVE-2024-52489
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Udi Dollberg Add Chat App Button allows Stored XSS.This issue affects Add Chat App Button: from n/a through 2.1.5.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2024

CVE-2024-52491
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Sanil Shakya Sticky Social Icons allows Stored XSS.This issue affects Sticky Social Icons: from n/a through 1.2.1.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2024

CVE-2024-52492
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Gopi Ramasamy Image horizontal reel scroll slideshow allows Stored XSS.This issue affects Image horizontal reel scroll slideshow: from n/a through 13.4.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2024

CVE-2024-52493
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Josh Leuze Meteor Slides allows Stored XSS.This issue affects Meteor Slides: from n/a through 1.5.7.
Severity CVSS v4.0: Pending analysis
Last modification:
09/06/2025

CVE-2024-52494
Publication date:
02/12/2024
Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Matt Varone, Tim Berneman Dynamic "To Top" allows Stored XSS.This issue affects Dynamic "To Top": from 3.5.2 through n/a.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2024

CVE-2024-52476
Publication date:
02/12/2024
Unrestricted Upload of File with Dangerous Type vulnerability in stefanbohacek Fediverse Embeds allows Upload a Web Shell to a Web Server.This issue affects Fediverse Embeds: from n/a through 1.5.3.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2024

CVE-2024-52477
Publication date:
02/12/2024
Cross-Site Request Forgery (CSRF) vulnerability in No-nonsense Labs Document &amp; Data Automation allows Stored XSS.This issue affects Document &amp; Data Automation: from n/a through 1.6.1.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2024
Subscribe to Vulnerabilities