Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-47504

Publication date:
24/05/2024
In the Linux kernel, the following vulnerability has been resolved:

io_uring: ensure task_work gets run as part of cancelations

If we successfully cancel a work item but that work item needs to be processed through task_work, then we can be sleeping uninterruptibly in io_uring_cancel_generic() and never process it. Hence we don't make forward progress and we end up with an uninterruptible sleep warning.

While in there, correct a comment that should be IFF, not IIF.
Severity CVSS v4.0: Pending analysis
Last modification:
29/09/2025

CVE-2021-47499

Publication date:
24/05/2024
In the Linux kernel, the following vulnerability has been resolved:

iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove

When ACPI type is ACPI_SMO8500, the data->dready_trig will not be set, the memory allocated by iio_triggered_buffer_setup() will not be freed, and cause a memory leak as follows:

unreferenced object 0xffff888009551400 (size 512):
  comm "i2c-SMO8500-125", pid 911, jiffies 4294911787 (age 83.852s)
  hex dump (first 32 bytes):
    02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
    00 00 00 00 00 00 00 00 20 e2 e5 c0 ff ff ff ff ........ .......
  backtrace:
    [] kmem_cache_alloc_trace+0x16d/0x360
    [] iio_kfifo_allocate+0x41/0x130 [kfifo_buf]
    [] iio_triggered_buffer_setup_ext+0x2c/0x210 [industrialio_triggered_buffer]
    [] kxcjk1013_probe+0x10c3/0x1d81 [kxcjk_1013]

Fix it by removing the data->dready_trig condition in probe and remove.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2021-47500

Publication date:
24/05/2024
In the Linux kernel, the following vulnerability has been resolved:

iio: mma8452: Fix trigger reference counting

The mma8452 driver directly assigns a trigger to the struct iio_dev. The IIO core when done using this trigger will call `iio_trigger_put()` to drop the reference count by 1.

Without the matching `iio_trigger_get()` in the driver the reference count can reach 0 too early, the trigger gets freed while still in use and a use-after-free occurs.

Fix this by getting a reference to the trigger before assigning it to the IIO device.
Severity CVSS v4.0: Pending analysis
Last modification:
06/01/2025

CVE-2024-35591

Publication date:
24/05/2024
An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.
Severity CVSS v4.0: Pending analysis
Last modification:
30/09/2025

CVE-2024-35592

Publication date:
24/05/2024
An arbitrary file upload vulnerability in the Upload function of Box-IM v2.0 allows attackers to execute arbitrary code via uploading a crafted PDF file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/08/2024

CVE-2024-35593

Publication date:
24/05/2024
An arbitrary file upload vulnerability in the File preview function of Raingad IM v4.1.4 allows attackers to execute arbitrary code via uploading a crafted PDF file.
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2024

CVE-2024-35595

Publication date:
24/05/2024
An arbitrary file upload vulnerability in the File Preview function of Xintongda OA v2023.12.30.1 allows attackers to execute arbitrary code via uploading a crafted PDF file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2024-5273

Publication date:
24/05/2024
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by editing the workspace path.
Severity CVSS v4.0: Pending analysis
Last modification:
10/10/2025

CVE-2023-49574

Publication date:
24/05/2024
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2025

CVE-2023-49575

Publication date:
24/05/2024
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2025

CVE-2024-5318

Publication date:
24/05/2024
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts.
Severity CVSS v4.0: Pending analysis
Last modification:
13/12/2024

CVE-2023-49572

Publication date:
24/05/2024
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page loads.
Severity CVSS v4.0: Pending analysis
Last modification:
21/05/2025