Vulnerabilities

To inform, warn and help professionals stay current with the latest security vulnerabilities in technology systems, we provide a database, in Spanish, of all the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still translating them. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are available, with criteria such as vulnerability type, manufacturer and impact level to narrow down the results.

You can receive daily updates about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-5048

Publication date: 17/05/2024
A vulnerability classified as critical was found in code-projects Budget Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument edit leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264745 was assigned to this vulnerability.
Severity CVSS v4.0: MEDIUM
Last modification: 03/03/2025

CVE-2024-5042

Publication date: 17/05/2024
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
Severity CVSS v4.0: Pending analysis
Last modification: 15/04/2026

CVE-2024-35834

Publication date: 17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

xsk: recycle buffer in case Rx queue was full

Add missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce descriptor to XSK Rx queue.
Severity CVSS v4.0: Pending analysis
Last modification: 19/09/2025

CVE-2024-35835

Publication date: 17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: fix a double-free in arfs_create_groups

When `in` allocated by kvzalloc fails, arfs_create_groups will free ft->g and return an error. However, arfs_create_table, the only caller of arfs_create_groups, will hold this error and call to mlx5e_destroy_flow_table, in which the ft->g will be freed again.
Severity CVSS v4.0: Pending analysis
Last modification: 07/04/2025

CVE-2024-35836

Publication date: 17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

dpll: fix pin dump crash for rebound module

When a kernel module is unbound but the pin resources were not entirely freed (other kernel module instance of the same PCI device have had kept the reference to that pin), and kernel module is again bound, the pin properties would not be updated (the properties are only assigned when memory for the pin is allocated), prop pointer still points to the kernel module memory of the kernel module which was deallocated on the unbind.

If the pin dump is invoked in this state, the result is a kernel crash. Prevent the crash by storing persistent pin properties in dpll subsystem, copy the content from the kernel module when pin is allocated, instead of using memory of the kernel module.
Severity CVSS v4.0: Pending analysis
Last modification: 19/09/2025

CVE-2024-35838

Publication date: 17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

wifi: mac80211: fix potential sta-link leak

When a station is allocated, links are added but not set to valid yet (e.g. during connection to an AP MLD), we might remove the station without ever marking links valid, and leak them. Fix that.
Severity CVSS v4.0: Pending analysis
Last modification: 19/09/2025

CVE-2024-35837

Publication date: 17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

net: mvpp2: clear BM pool before initialization

Register values persist after booting the kernel using kexec, which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue.
Severity CVSS v4.0: Pending analysis
Last modification: 17/12/2025

CVE-2024-35829

Publication date: 17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/lima: fix a memleak in lima_heap_alloc

When lima_vm_map_bo fails, the resources need to be deallocated, or there will be memleaks.
Severity CVSS v4.0: Pending analysis
Last modification: 07/04/2025

CVE-2024-35831

Publication date: 17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

io_uring: Fix release of pinned pages when __io_uaddr_map fails

Looking at the error path of __io_uaddr_map, if we fail after pinning the pages for any reasons, ret will be set to -EINVAL and the error handler won't properly release the pinned pages.

I didn't manage to trigger it without forcing a failure, but it can happen in real life when memory is heavily fragmented.
Severity CVSS v4.0: Pending analysis
Last modification: 26/09/2025

CVE-2024-35832

Publication date: 17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

bcachefs: kvfree bch_fs::snapshots in bch2_fs_snapshots_exit

bch_fs::snapshots is allocated by kvzalloc in __snapshot_t_mut. It should be freed by kvfree not kfree. Or umount will trigger:

[kernel oops trace omitted]
Severity CVSS v4.0: Pending analysis
Last modification: 24/09/2025

CVE-2024-35833

Publication date: 17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA

This dma_alloc_coherent() is undone neither in the remove function, nor in the error handling path of fsl_qdma_probe().

Switch to the managed version to fix both issues.
Severity CVSS v4.0: Pending analysis
Last modification: 07/04/2025

CVE-2024-35830

Publication date: 17/05/2024
In the Linux kernel, the following vulnerability has been resolved:

media: tc358743: register v4l2 async device only after successful setup

Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access.
Severity CVSS v4.0: Pending analysis
Last modification: 17/12/2025