Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-52689

Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

ALSA: scarlett2: Add missing mutex lock around get meter levels

As scarlett2_meter_ctl_get() uses meter_level_map[], the data_mutex should be locked while accessing it.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2025

CVE-2023-52683

Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

ACPI: LPIT: Avoid u32 multiplication overflow

In lpit_update_residency() there is a possibility of overflow in multiplication, if tsc_khz is large enough (> UINT_MAX/1000).

Change multiplication to mul_u32_u32().

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2025

CVE-2023-52674

Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()

Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 and SCARLETT2_MIXER_MAX_VALUE so we don't attempt to access outside scarlett2_mixer_values[].
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2025

CVE-2023-52675

Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

powerpc/imc-pmu: Add a null pointer check in update_events_in_group()

kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2024

CVE-2023-52676

Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

bpf: Guard stack limits against 32bit overflow

This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding together a 64-bit register with an int offset. The register was checked to be below 1
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2025

CVE-2023-52677

Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

riscv: Check if the code to patch lies in the exit section

Otherwise we fall through to vmalloc_to_page() which panics since the address does not lie in the vmalloc region.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2025

CVE-2024-5049

Publication date:
17/05/2024
A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264746 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2024-5050

Publication date:
17/05/2024
A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-264747.
Severity CVSS v4.0: MEDIUM
Last modification:
15/04/2026

CVE-2024-5047

Publication date:
17/05/2024
A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264744.
Severity CVSS v4.0: MEDIUM
Last modification:
10/02/2025

CVE-2024-5048

Publication date:
17/05/2024
A vulnerability classified as critical was found in code-projects Budget Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument edit leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264745 was assigned to this vulnerability.
Severity CVSS v4.0: MEDIUM
Last modification:
03/03/2025

CVE-2024-5042

Publication date:
17/05/2024
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-35834

Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

xsk: recycle buffer in case Rx queue was full

Add missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce descriptor to XSK Rx queue.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2025