Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-35358

Publication date:
30/05/2024
A vulnerability has been discovered in Diño Physics School Assistant version 2.3. The vulnerability impacts an unidentified code within the file /classes/Master.php?f=view_category. Manipulating the argument id can result in SQL injection.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2024-35430

Publication date:
30/05/2024
In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application.
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2025

CVE-2024-35432

Publication date:
30/05/2024
ZKTeco ZKBio CVSecurity 6.1.1 is vulnerable to Cross Site Scripting (XSS) via an Audio File. An authenticated user can inject malicious JavaScript code to trigger a Cross Site Scripting.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2025

CVE-2024-32029

Publication date:
30/05/2024
Rejected reason: This CVE is a duplicate of another CVE.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2024

CVE-2023-52882

Publication date:
30/05/2024
In the Linux kernel, the following vulnerability has been resolved:
clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change
While PLL CPUX clock rate change when CPU is running from it works in vast majority of cases, now and then it causes instability. This leads to system crashes and other undefined behaviour. After a lot of testing (30+ hours) while also doing a lot of frequency switches, we can't observe any instability issues anymore when doing reparenting to stable clock like 24 MHz oscillator.
Severity CVSS v4.0: Pending analysis
Last modification:
22/01/2026

CVE-2024-5517

Publication date:
30/05/2024
A vulnerability was found in itsourcecode Online Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file changepwd.php. The manipulation of the argument useremail leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-266588.
Severity CVSS v4.0: MEDIUM
Last modification:
11/02/2025

CVE-2024-36019

Publication date:
30/05/2024
In the Linux kernel, the following vulnerability has been resolved:
regmap: maple: Fix cache corruption in regcache_maple_drop()
When keeping the upper end of a cache block entry, the entry[] array must be indexed by the offset from the base register of the block, i.e. max - mas.index.
The code was indexing entry[] by only the register address, leading to an out-of-bounds access that copied some part of the kernel memory over the cache contents.
This bug was not detected by the regmap KUnit test because it only tests with a block of registers starting at 0, so mas.index == 0.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2025

CVE-2024-36021

Publication date:
30/05/2024
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix kernel crash when devlink reload during pf initialization
The devlink reload process will access the hardware resources, but the register operation is done before the hardware is initialized. So, processing the devlink reload during initialization may lead to kernel crash. This patch fixes this by taking devl_lock during initialization.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2025

CVE-2024-36022

Publication date:
30/05/2024
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
19/06/2025

CVE-2024-36023

Publication date:
30/05/2024
In the Linux kernel, the following vulnerability has been resolved:
Julia Lawall reported this null pointer dereference, this should fix it.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2024

CVE-2024-36024

Publication date:
30/05/2024
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Disable idle reallow as part of command/gpint execution
[Why]
Workaround for a race condition where DMCUB is in the process of committing to IPS1 during the handshake causing us to miss the transition into IPS2 and touch the INBOX1 RPTR causing a HW hang.
[How]
Disable the reallow to ensure that we have enough of a gap between entry and exit and we're not seeing back-to-back wake_and_executes.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2025

CVE-2024-36025

Publication date:
30/05/2024
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()
The app_reply->elem[] array is allocated earlier in this function and it has app_req.num_ports elements. Thus this > comparison needs to be >= to prevent memory corruption.
Severity CVSS v4.0: Pending analysis
Last modification:
18/09/2025