Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-47060
Publication date:
29/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> KVM: Stop looking for coalesced MMIO zones if the bus is destroyed<br /> <br /> Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev()<br /> fails to allocate memory for the new instance of the bus. If it can&amp;#39;t<br /> instantiate a new bus, unregister_dev() destroys all devices _except_ the<br /> target device. But, it doesn&amp;#39;t tell the caller that it obliterated the<br /> bus and invoked the destructor for all devices that were on the bus. In<br /> the coalesced MMIO case, this can result in a deleted list entry<br /> dereference due to attempting to continue iterating on coalesced_zones<br /> after future entries (in the walk) have been deleted.<br /> <br /> Opportunistically add curly braces to the for-loop, which encompasses<br /> many lines but sneaks by without braces due to the guts being a single<br /> if statement.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2025

CVE-2021-47064
Publication date:
29/02/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> mt76: fix potential DMA mapping leak<br /> <br /> With buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap<br /> could potentially inherit a non-zero value from stack garbage.<br /> If this happens, it will cause DMA mappings for MCU command frames to not be<br /> unmapped after completion
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2025

CVE-2024-24246
Publication date:
29/02/2024
Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2024

CVE-2024-27661
Publication date:
29/02/2024
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity CVSS v4.0: Pending analysis
Last modification:
17/03/2025

CVE-2024-27660
Publication date:
29/02/2024
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_41C488(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity CVSS v4.0: Pending analysis
Last modification:
17/03/2025

CVE-2024-27659
Publication date:
29/02/2024
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity CVSS v4.0: Pending analysis
Last modification:
17/03/2025

CVE-2024-0068
Publication date:
29/02/2024
Improper Link Resolution Before File Access (&amp;#39;Link Following&amp;#39;) vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-2009
Publication date:
29/02/2024
A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2024-1595
Publication date:
29/02/2024
Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82<br /> <br /> insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025

CVE-2024-27662
Publication date:
29/02/2024
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2024-27658
Publication date:
29/02/2024
D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity CVSS v4.0: Pending analysis
Last modification:
21/04/2025

CVE-2024-27657
Publication date:
29/02/2024
D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
21/04/2025
Subscribe to Vulnerabilities