Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Vulnerabilidades

Con el objetivo de informar, advertir y ayudar a los profesionales sobre las últimas vulnerabilidades de seguridad en sistemas tecnológicos, ponemos a disposición de los usuarios interesados en esta información una base de datos con información en castellano sobre cada una de las últimas vulnerabilidades documentadas y conocidas.

Este repositorio con más de 75.000 registros esta basado en la información de NVD (National Vulnerability Database) – en función de un acuerdo de colaboración – por el cual desde INCIBE realizamos la traducción al castellano de la información incluida. En ocasiones este listado mostrará vulnerabilidades que aún no han sido traducidas debido a que se recogen en el transcurso del tiempo en el que el equipo de INCIBE realiza el proceso de traducción.

Se emplea el estándar de nomenclatura de vulnerabilidades CVE (Common Vulnerabilities and Exposures), con el fin de facilitar el intercambio de información entre diferentes bases de datos y herramientas. Cada una de las vulnerabilidades recogidas enlaza a diversas fuentes de información así como a parches disponibles o soluciones aportadas por los fabricantes y desarrolladores. Es posible realizar búsquedas avanzadas teniendo la opción de seleccionar diferentes criterios como el tipo de vulnerabilidad, fabricante, tipo de impacto entre otros, con el fin de acortar los resultados.

Mediante suscripción RSS o Boletines podemos estar informados diariamente de las últimas vulnerabilidades incorporadas al repositorio.

CVE-2026-16229

Fecha de publicación:
19/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** A flaw has been found in itsourcecode Courier Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. Executing a manipulation of the argument page can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.
Gravedad CVSS v4.0: BAJA
Última modificación:
19/07/2026

CVE-2026-16227

Fecha de publicación:
19/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /edit_subject.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
Gravedad CVSS v4.0: MEDIA
Última modificación:
19/07/2026

CVE-2026-53369

Fecha de publicación:
19/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> udf: reject descriptors with oversized CRC length<br /> <br /> udf_read_tagged() skips CRC verification when descCRCLength +<br /> sizeof(struct tag) exceeds the block size. A crafted UDF image can<br /> set descCRCLength to an oversized value to bypass CRC validation<br /> entirely; the descriptor is then accepted based solely on the 8-bit<br /> tag checksum, which is trivially recomputable.<br /> <br /> Reject such descriptors instead of silently accepting them. A<br /> legitimate single-block descriptor should never have a CRC length that<br /> exceeds the block.
Gravedad: Pendiente de análisis
Última modificación:
19/07/2026

CVE-2026-53370

Fecha de publicación:
19/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> perf/x86/intel: Improve validation and configuration of ACR masks<br /> <br /> Currently there are several issues on the user space ACR mask validation<br /> and configuration.<br /> - The validation for user space ACR mask (attr.config2) is incomplete,<br /> e.g., the ACR mask could include the index which belongs to another<br /> ACR events group, but it&amp;#39;s not validated.<br /> - An early return on an invalid ACR mask caused all subsequent ACR groups<br /> to be skipped.<br /> - The stale hardware ACR mask (hw.config1) is not cleared before setting<br /> new hardware ACR mask.<br /> <br /> The following changes address all of the above issues.<br /> - Figure out the event index group of an ACR group. Any bits in the<br /> user-space mask not present in the index group are now dropped.<br /> - Instead of an early return on invalid bits, drop only the invalid<br /> portions and continue iterating through all ACR events to ensure full<br /> configuration.<br /> - Explicitly clear the stale hardware ACR mask for each event prior to<br /> writing the new configuration.<br /> <br /> Besides, a non-leader event member of ACR group could be disabled in<br /> theory. This could cause bit-shifting errors in the acr_mask of remaining<br /> group members. But since ACR sampling requires all events to be active,<br /> this should not be a big concern in real use case. Add a "FIXME" comment<br /> to notice this risk.
Gravedad: Pendiente de análisis
Última modificación:
19/07/2026

CVE-2026-53371

Fecha de publicación:
19/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RDMA/ionic: bound node_desc sysfs read with %.64s<br /> <br /> node_desc[64] in struct ib_device is not guaranteed to be NUL-<br /> terminated. The core IB sysfs handler uses "%.64s" for exactly this<br /> reason (drivers/infiniband/core/sysfs.c:1307), since node_desc_store()<br /> performs a raw memcpy of up to IB_DEVICE_NODE_DESC_MAX bytes with no NUL<br /> termination:<br /> <br /> memcpy(desc.node_desc, buf, min_t(int, count, IB_DEVICE_NODE_DESC_MAX));<br /> <br /> If exactly 64 bytes are written via the node_desc sysfs file, the array<br /> contains no NUL byte. The ionic hca_type_show() handler uses unbounded<br /> "%s" and will read past the end of node_desc into adjacent fields of<br /> struct ib_device until it encounters a NUL.<br /> <br /> ionic supports IB_DEVICE_MODIFY_NODE_DESC, so this is triggerable by<br /> userspace.<br /> <br /> Match the core handler and bound the format specifier.
Gravedad: Pendiente de análisis
Última modificación:
19/07/2026

CVE-2026-53372

Fecha de publicación:
19/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu/vt-d: Block PASID attachment to nested domain with dirty tracking<br /> <br /> Kernel lacks dirty tracking support on nested domain attached to PASID,<br /> fails the attachment early if nesting parent domain is dirty tracking<br /> configured, otherwise dirty pages would be lost.
Gravedad: Pendiente de análisis
Última modificación:
19/07/2026

CVE-2026-16224

Fecha de publicación:
19/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** A vulnerability was identified in jxxghp MoviePilot up to 2.13.5. The affected element is an unknown function of the file /jxxghp/MoviePilot of the component Application API. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The identifier of the patch is dc2b6910a423b3bfadeffaa303e1ba75cfb33900. Applying a patch is the recommended action to fix this issue.
Gravedad CVSS v4.0: MEDIA
Última modificación:
19/07/2026

CVE-2026-16225

Fecha de publicación:
19/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** A security flaw has been discovered in davenardella snap7 up to 1.4.3. The impacted element is the function TSnap7Peer::NegotiatePDULength of the file src/core/s7_peer.cpp. The manipulation of the argument PDULength results in out-of-bounds write. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Gravedad CVSS v4.0: BAJA
Última modificación:
19/07/2026

CVE-2026-16226

Fecha de publicación:
19/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** A weakness has been identified in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_settings of the file /admin/admin_class_novo.php. This manipulation of the argument img causes unrestricted upload. The attack is possible to be carried out remotely.
Gravedad CVSS v4.0: MEDIA
Última modificación:
19/07/2026

CVE-2026-53367

Fecha de publicación:
19/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> selinux: fix avdcache auditing<br /> <br /> The per-task avdcache was incorrectly saving and reusing the<br /> audited vector computed by avc_audit_required() rather than<br /> recomputing based on the currently requested permissions and<br /> distinguishing the denied versus allowed cases. As a result,<br /> some permission checks were not being audited, e.g.<br /> directory write checks after a previously cached directory<br /> search check.<br /> <br /> [PM: line wrap tweaks]
Gravedad: Pendiente de análisis
Última modificación:
19/07/2026

CVE-2026-53368

Fecha de publicación:
19/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> f2fs: fix fsck inconsistency caused by incorrect nat_entry flag usage<br /> <br /> f2fs_need_dentry_mark() reads nat_entry flags without mutual exclusion<br /> with the checkpoint path, which can result in an incorrect inode block<br /> marking state. The scenario is as follows:<br /> <br /> create &amp; write &amp; fsync &amp;#39;file A&amp;#39; write checkpoint<br /> - f2fs_do_sync_file // inline inode<br /> - f2fs_write_inode // inode folio is dirty<br /> - f2fs_write_checkpoint<br /> - f2fs_flush_merged_writes<br /> - f2fs_sync_node_pages<br /> - f2fs_fsync_node_pages // no dirty node<br /> - f2fs_need_inode_block_update // return true<br /> - f2fs_fsync_node_pages // inode dirtied<br /> - f2fs_need_dentry_mark //return true<br /> - f2fs_flush_nat_entries<br /> - f2fs_write_checkpoint end<br /> - __write_node_folio // inode with DENT_BIT_SHIFT set<br /> SPO, "fsck --dry-run" find inode has already checkpointed but still<br /> with DENT_BIT_SHIFT set<br /> <br /> The state observed by f2fs_need_dentry_mark() can differ from the state<br /> observed in __write_node_folio() after acquiring sbi-&gt;node_write. The<br /> root cause is that the semantics of IS_CHECKPOINTED and<br /> HAS_FSYNCED_INODE are only guaranteed after the checkpoint write has<br /> fully completed.<br /> <br /> This patch moves set_dentry_mark() into __write_node_folio() and<br /> protects it with the sbi-&gt;node_write lock.
Gravedad: Pendiente de análisis
Última modificación:
19/07/2026

CVE-2026-16223

Fecha de publicación:
19/07/2026
Idioma:
Inglés
*** Pendiente de traducción *** A vulnerability was determined in 1Panel-dev CordysCRM up to 1.4.1. Impacted is the function getSqlBotSrc of the file backend/crm/src/main/java/cn/cordys/crm/system/service/IntegrationConfigService.java of the component Third Party Edit Endpoint. Executing a manipulation of the argument appSecret can lead to server-side request forgery. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Gravedad CVSS v4.0: BAJA
Última modificación:
19/07/2026