Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-28582
Publication date:
04/03/2024
Memory corruption in Data Modem while verifying hello-verify message during the DTLS handshake.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2023-33066
Publication date:
04/03/2024
Memory corruption in Audio while processing RT proxy port register driver.
Severity CVSS v4.0: Pending analysis
Last modification:
11/08/2025

CVE-2023-33078
Publication date:
04/03/2024
Information Disclosure while processing IOCTL request in FastRPC.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2025

CVE-2023-28578
Publication date:
04/03/2024
Memory corruption in Core Services while executing the command for removing a single event listener.
Severity CVSS v4.0: Pending analysis
Last modification:
11/08/2025

CVE-2023-6143
Publication date:
04/03/2024
Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system’s memory is carefully prepared by the user and the system is under heavy load, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r1p0 through r18p0; Valhall GPU Kernel Driver: from r37p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2023-4479
Publication date:
04/03/2024
Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period.
Severity CVSS v4.0: Pending analysis
Last modification:
23/02/2026

CVE-2024-26622
Publication date:
04/03/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> tomoyo: fix UAF write bug in tomoyo_write_control()<br /> <br /> Since tomoyo_write_control() updates head-&gt;write_buf when write()<br /> of long lines is requested, we need to fetch head-&gt;write_buf after<br /> head-&gt;io_sem is held. Otherwise, concurrent write() requests can<br /> cause use-after-free-write and double-free problems.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-21826
Publication date:
04/03/2024
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2024

CVE-2024-21816
Publication date:
04/03/2024
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2024

CVE-2023-46708
Publication date:
04/03/2024
in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2024

CVE-2023-49602
Publication date:
04/03/2024
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2024

CVE-2023-25176
Publication date:
04/03/2024
in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds Read.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2024
Subscribe to Vulnerabilities