Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2026-46275

Publication date:
08/06/2026
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths<br /> <br /> Vulnerabilities leading to Use-After-Free (UAF) and Null Pointer<br /> Dereference (NPD) conditions were observed in the lifecycle management<br /> of hci_uart.<br /> <br /> The primary issue arises because the workqueues (init_ready and<br /> write_work) are only flushed/cancelled if the HCI_UART_PROTO_READY<br /> flag is set during TTY close. If a hangup occurs before setup completes,<br /> hci_uart_tty_close() skips the teardown of these workqueues and<br /> proceeds to free the `hu` struct. When the scheduled work executes<br /> later, it blindly dereferences the freed `hu` struct.<br /> <br /> Furthermore, several data races and UAFs were identified in the teardown<br /> sequence:<br /> 1. Calling hci_uart_flush() from hci_uart_close() without effectively<br /> disabling write_work causes a race condition where both can concurrently<br /> double-free hu-&gt;tx_skb. This happens because protocol timers can<br /> concurrently invoke hci_uart_tx_wakeup() and requeue write_work.<br /> 2. Calling hci_free_dev(hdev) before hu-&gt;proto-&gt;close(hu) causes a UAF<br /> when vendor specific protocol close callbacks dereference hu-&gt;hdev.<br /> 3. In the initialization error paths, failing to take the proto_lock<br /> write lock before clearing PROTO_READY leads to races with active<br /> readers. Additionally, hci_uart_tty_receive() accesses hu-&gt;hdev<br /> outside the read lock, leading to UAFs if the initialization error<br /> path frees hdev concurrently.<br /> <br /> Fix these synchronization and lifecycle issues by:<br /> 1. Re-ordering hci_uart_tty_close() to clear HCI_UART_PROTO_READY first,<br /> followed immediately by a cancel_work_sync(&amp;hu-&gt;write_work). Clearing<br /> the flag locks out concurrent protocol timers from successfully invoking<br /> hci_uart_tx_wakeup(), effectively rendering the cancellation permanent<br /> and preventing the tx_skb double-free.<br /> 2. Note: Clearing PROTO_READY early causes hci_uart_close() to skip<br /> hu-&gt;proto-&gt;flush(). This is perfectly safe in the tty_close path<br /> because hu-&gt;proto-&gt;close() executes shortly after, which intrinsically<br /> purges all protocol SKB queues and tears down the state.<br /> 3. Relocating hu-&gt;proto-&gt;close(hu) strictly prior to hci_free_dev(hdev)<br /> across all close and error paths to prevent vendor-level UAFs.<br /> 4. Moving the hdev-&gt;stat.byte_rx increment in hci_uart_tty_receive()<br /> inside the proto_lock read-side critical section to safely synchronize<br /> with device unregistration.<br /> 5. Adding cancel_work_sync(&amp;hu-&gt;write_work) to hci_uart_close() to safely<br /> flush the workqueue before hci_uart_flush() is invoked via the HCI core.<br /> 6. Utilizing cancel_work_sync() instead of disable_work_sync() across<br /> all paths to prevent permanently breaking user-space retry capabilities.
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2026

CVE-2026-42535

Publication date:
08/06/2026
A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes.<br /> <br /> Users are recommended to upgrade to version 2.4.68, which fixes this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
09/06/2026

CVE-2026-42861

Publication date:
08/06/2026
Flowise is a drag &amp; drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource. Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign variables to arbitrary workspaces. This behavior may break tenant isolation in multi-workspace environments. This issue has been patched in version 3.1.2.
Severity CVSS v4.0: HIGH
Last modification:
11/06/2026

CVE-2026-42862

Publication date:
08/06/2026
Flowise is a drag &amp; drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a tool resource. Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign tools to arbitrary workspaces. This breaks tenant isolation in multi-workspace environments. This issue has been patched in version 3.1.2.
Severity CVSS v4.0: HIGH
Last modification:
11/06/2026

CVE-2026-42863

Publication date:
08/06/2026
Flowise is a drag &amp; drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object. Due to missing server-side validation and authorization checks, an authenticated user can manipulate internal attributes of a chatflow and reassign it to another workspace. This allows cross-workspace resource reassignment and unauthorized modification of deployment and visibility settings. This issue has been patched in version 3.1.2.
Severity CVSS v4.0: HIGH
Last modification:
11/06/2026

CVE-2026-42536

Publication date:
08/06/2026
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content<br /> <br /> This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.<br /> <br /> Users are recommended to upgrade to version 2.4.68, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-34194

Publication date:
08/06/2026
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation.<br /> <br /> <br /> <br /> The product accidentally refers to the wrong memory due to the semantics of how math operations are implicitly scaled across buffers of different sizes.
Severity CVSS v4.0: Pending analysis
Last modification:
09/06/2026

CVE-2026-36786

Publication date:
08/06/2026
Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
Severity CVSS v4.0: Pending analysis
Last modification:
09/06/2026

CVE-2026-34356

Publication date:
08/06/2026
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie*<br /> <br /> This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.<br /> <br /> Users are recommended to upgrade to version 2.4.68, which fixes the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
09/06/2026

CVE-2026-29170

Publication date:
08/06/2026
A cross-site scripting vulnerability exists in mod_proxy_ftp&amp;#39;s HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration.<br /> <br /> Users are recommended to upgrade to version 2.4.68, which fixes this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
09/06/2026

CVE-2026-34355

Publication date:
08/06/2026
A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend.<br /> Users are recommended to upgrade to version 2.4.68, which fixes this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2026

CVE-2026-11523

Publication date:
08/06/2026
A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the argument gotoUrl can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
Severity CVSS v4.0: HIGH
Last modification:
09/06/2026