Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-50216
Publication date:
09/11/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xfs: fix finding a last resort AG in xfs_filestream_pick_ag<br /> <br /> When the main loop in xfs_filestream_pick_ag fails to find a suitable<br /> AG it tries to just pick the online AG. But the loop for that uses<br /> args-&gt;pag as loop iterator while the later code expects pag to be<br /> set. Fix this by reusing the max_pag case for this last resort, and<br /> also add a check for impossible case of no AG just to make sure that<br /> the uninitialized pag doesn&amp;#39;t even escape in theory.
Severity CVSS v4.0: Pending analysis
Last modification:
08/10/2025

CVE-2024-50215
Publication date:
09/11/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> nvmet-auth: assign dh_key to NULL after kfree_sensitive<br /> <br /> ctrl-&gt;dh_key might be used across multiple calls to nvmet_setup_dhgroup()<br /> for the same controller. So it&amp;#39;s better to nullify it after release on<br /> error path in order to avoid double free later in nvmet_destroy_auth().<br /> <br /> Found by Linux Verification Center (linuxtesting.org) with Svace.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-50212
Publication date:
09/11/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> lib: alloc_tag_module_unload must wait for pending kfree_rcu calls<br /> <br /> Ben Greear reports following splat:<br /> ------------[ cut here ]------------<br /> net/netfilter/nf_nat_core.c:1114 module nf_nat func:nf_nat_register_fn has 256 allocated at module unload<br /> WARNING: CPU: 1 PID: 10421 at lib/alloc_tag.c:168 alloc_tag_module_unload+0x22b/0x3f0<br /> Modules linked in: nf_nat(-) btrfs ufs qnx4 hfsplus hfs minix vfat msdos fat<br /> ...<br /> Hardware name: Default string Default string/SKYBAY, BIOS 5.12 08/04/2020<br /> RIP: 0010:alloc_tag_module_unload+0x22b/0x3f0<br /> codetag_unload_module+0x19b/0x2a0<br /> ? codetag_load_module+0x80/0x80<br /> <br /> nf_nat module exit calls kfree_rcu on those addresses, but the free<br /> operation is likely still pending by the time alloc_tag checks for leaks.<br /> <br /> Wait for outstanding kfree_rcu operations to complete before checking<br /> resolves this warning.<br /> <br /> Reproducer:<br /> unshare -n iptables-nft -t nat -A PREROUTING -p tcp<br /> grep nf_nat /proc/allocinfo # will list 4 allocations<br /> rmmod nft_chain_nat<br /> rmmod nf_nat # will WARN.<br /> <br /> [akpm@linux-foundation.org: add comment]
Severity CVSS v4.0: Pending analysis
Last modification:
26/09/2025

CVE-2024-51779
Publication date:
09/11/2024
Improper Neutralization of Input During Web Page Generation (XSS or &amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Stranger Studios (WordCamp Philly) Don&amp;#39;t Break The Code allows Reflected XSS.This issue affects Don&amp;#39;t Break The Code: from n/a through .3.1.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2024

CVE-2024-51780
Publication date:
09/11/2024
Improper Neutralization of Input During Web Page Generation (XSS or &amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Michael DUMONTET eewee admin custom allows Reflected XSS.This issue affects eewee admin custom: from n/a through 1.8.2.4.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2024

CVE-2024-51781
Publication date:
09/11/2024
Improper Neutralization of Input During Web Page Generation (XSS or &amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Loop Now Technologies, Inc. Firework Shoppable Live Video allows Reflected XSS.This issue affects Firework Shoppable Live Video: from n/a through 6.3.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2024

CVE-2024-51776
Publication date:
09/11/2024
Improper Neutralization of Input During Web Page Generation (XSS or &amp;#39;Cross-site Scripting&amp;#39;) vulnerability in samhotchkiss Daily Image allows Reflected XSS.This issue affects Daily Image: from n/a through 1.0.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2024

CVE-2024-51778
Publication date:
09/11/2024
Improper Neutralization of Input During Web Page Generation (XSS or &amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Starfish Reviews Satisfaction Reports from Help Scout allows Reflected XSS.This issue affects Satisfaction Reports from Help Scout: from n/a through 2.0.3.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2024

CVE-2024-50539
Publication date:
09/11/2024
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in Lodgix Lodgix.Com Vacation Rental Website Builder allows SQL Injection.This issue affects Lodgix.Com Vacation Rental Website Builder: from n/a through 3.9.73.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2024

CVE-2024-50544
Publication date:
09/11/2024
Improper Neutralization of Special Elements used in an SQL Command (&amp;#39;SQL Injection&amp;#39;) vulnerability in Micah Blu RSVP ME allows SQL Injection.This issue affects RSVP ME: from n/a through 1.9.9.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2024

CVE-2024-51762
Publication date:
09/11/2024
Improper Neutralization of Input During Web Page Generation (XSS or &amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Nightshift Creative PropertyShift allows Reflected XSS.This issue affects PropertyShift: from n/a through 1.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2024

CVE-2024-51763
Publication date:
09/11/2024
Improper Neutralization of Input During Web Page Generation (XSS or &amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Biplob Adhikari Team Showcase and Slider – Team Members Builder allows Reflected XSS.This issue affects Team Showcase and Slider – Team Members Builder: from n/a through 1.3.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2024
Subscribe to Vulnerabilities