Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we maintain a database, in Spanish, of all the latest documented and recognised vulnerabilities, available to anyone interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible, with different criteria available to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-5517

Publication date:
30/05/2024
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file changepwd.php. The manipulation of the argument useremail leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266588.
Severity CVSS v4.0: MEDIUM
Last modification:
11/02/2025

CVE-2024-36019

Publication date:
30/05/2024
In the Linux kernel, the following vulnerability has been resolved:

regmap: maple: Fix cache corruption in regcache_maple_drop()

When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index.

The code was indexing entry[] by only the register address, leading to an out-of-bounds access that copied some part of the kernel memory over the cache contents.

This bug was not detected by the regmap KUnit test because it only tests with a block of registers starting at 0, so mas.index == 0.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2025

CVE-2024-36021

Publication date:
30/05/2024
In the Linux kernel, the following vulnerability has been resolved:

net: hns3: fix kernel crash when devlink reload during pf initialization

The devlink reload process will access the hardware resources, but the register operation is done before the hardware is initialized. So, processing the devlink reload during initialization may lead to kernel crash. This patch fixes this by taking devl_lock during initialization.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2025

CVE-2024-36022

Publication date:
30/05/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
19/06/2025

CVE-2024-36023

Publication date:
30/05/2024
In the Linux kernel, the following vulnerability has been resolved:

Julia Lawall reported this null pointer dereference, this should fix it.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2024

CVE-2024-36024

Publication date:
30/05/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/display: Disable idle reallow as part of command/gpint execution

[Why]
Workaround for a race condition where DMCUB is in the process of committing to IPS1 during the handshake causing us to miss the transition into IPS2 and touch the INBOX1 RPTR causing a HW hang.

[How]
Disable the reallow to ensure that we have enough of a gap between entry and exit and we're not seeing back-to-back wake_and_executes.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2025

CVE-2024-36025

Publication date:
30/05/2024
In the Linux kernel, the following vulnerability has been resolved:

scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()

The app_reply->elem[] array is allocated earlier in this function and it has app_req.num_ports elements. Thus this > comparison needs to be >= to prevent memory corruption.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2025

CVE-2024-36026

Publication date:
30/05/2024
In the Linux kernel, the following vulnerability has been resolved:

drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11

While doing multiple S4 stress tests, GC/RLC/PMFW get into an invalid state resulting into hard hangs.

Adding a GFX reset as workaround just before sending the MP1_UNLOAD message avoids this failure.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2025

CVE-2024-3924

Publication date:
30/05/2024
A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the `autodocs.yml` workflow file. The vulnerability arises from the insecure handling of the `github.head_ref` user input, which is used to dynamically construct a command for installing a software package. An attacker can exploit this by forking the repository, creating a branch with a malicious payload as the name, and then opening a pull request to the base repository. Successful exploitation could lead to arbitrary code execution within the context of the GitHub Actions runner. This issue affects versions up to and including v2.0.0 and was fixed in version 2.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2024

CVE-2024-4330

Publication date:
30/05/2024
A path traversal vulnerability was identified in the parisneo/lollms-webui repository, specifically within version 9.6. The vulnerability arises due to improper handling of user-supplied input in the 'list_personalities' endpoint. By crafting a malicious HTTP request, an attacker can traverse the directory structure and view the contents of any folder, albeit limited to subfolder names only. This issue was demonstrated via a specific HTTP request that manipulated the 'category' parameter to access arbitrary directories. The vulnerability is present in the code located at the 'endpoints/lollms_advanced.py' file.
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2025

CVE-2024-36020

Publication date:
30/05/2024
In the Linux kernel, the following vulnerability has been resolved:

i40e: fix vf may be used uninitialized in this function warning

To fix the regression introduced by commit 52424f974bc5, which causes servers hang in very hard to reproduce conditions with resets races. Using two sources for the information is the root cause. In this function before the fix bumping v didn't mean bumping vf pointer. But the code used these variables interchangeably, so stale vf could point to different/not intended vf.

Remove redundant "v" variable and iterate via single VF pointer across whole function instead to guarantee VF pointer validity.
Severity CVSS v4.0: Pending analysis
Last modification:
23/12/2025

CVE-2024-35504

Publication date:
30/05/2024
A cross-site scripting (XSS) vulnerability in the login page of FineSoft v8.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL:errorname parameter after a failed login attempt.
Severity CVSS v4.0: Pending analysis
Last modification:
27/09/2025