Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-50597

Publication date:
02/04/2025
An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-45064

Publication date:
02/04/2025
A buffer overflow vulnerability exists in the FileX Internal RAM interface functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted set of network packets can lead to code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2025

CVE-2024-50384

Publication date:
02/04/2025
A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Web Component HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-50385

Publication date:
02/04/2025
A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Component HTTP Server HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-50594

Publication date:
02/04/2025
An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. This vulnerability affects the NetX Duo Web Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-50595

Publication date:
02/04/2025
An integer underflow vulnerability exists in the HTTP server PUT request functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted series of network requests can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. This vulnerability affects the NetX Duo Component HTTP Server implementation which can be found in x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2025-27556

Publication date:
02/04/2025
An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.views.LoginView, django.contrib.auth.views.LogoutView, and django.views.i18n.set_language are subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2025

CVE-2025-30090

Publication date:
02/04/2025
mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2025-21987

Publication date:
02/04/2025
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: init return value in amdgpu_ttm_clear_buffer

Otherwise an uninitialized value can be returned if
amdgpu_res_cleared returns true for all regions.

Possibly closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3812

(cherry picked from commit 7c62aacc3b452f73a1284198c81551035fac6d71)
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2025

CVE-2025-21989

Publication date:
02/04/2025
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: fix missing .is_two_pixels_per_container

Starting from 6.11, AMDGPU driver, while being loaded with amdgpu.dc=1,
due to lack of .is_two_pixels_per_container function in dce60_tg_funcs,
causes a NULL pointer dereference on PCs with old GPUs, such as R9 280X.

So this fix adds missing .is_two_pixels_per_container to dce60_tg_funcs.

(cherry picked from commit bd4b125eb949785c6f8a53b0494e32795421209d)
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2025

CVE-2025-21990

Publication date:
02/04/2025
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags

PRT BOs may not have any backing store, so bo->tbo.resource will be
NULL. Check for that before dereferencing.

(cherry picked from commit 3e3fcd29b505cebed659311337ea03b7698767fc)
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2025

CVE-2025-21988

Publication date:
02/04/2025
In the Linux kernel, the following vulnerability has been resolved:

fs/netfs/read_collect: add to next->prev_donated

If multiple subrequests donate data to the same "next" request
(depending on the subrequest completion order), each of them would
overwrite the `prev_donated` field, causing data corruption and a
BUG() crash ("Can't donate prior to front").
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025