Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-52673

Publication date:

17/05/2024

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a debugfs null pointer error [WHY & HOW] Check whether get_subvp_en() callback exists before calling it.

Severity CVSS v4.0: Pending analysis

Last modification:

19/09/2025

CVE-2024-34919

Publication date:

17/05/2024

An arbitrary file upload vulnerability in the component \modstudent\controller.php of Pisay Online E-Learning System using PHP/MySQL v1.0 allows attackers to execute arbitrary code via uploading a crafted file.

Severity CVSS v4.0: Pending analysis

Last modification:

03/07/2024

CVE-2023-52670

Publication date:

17/05/2024

In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driver_override when rpmsg_remove() Free driver_override when rpmsg_remove(), otherwise the following memory leak will occur: unreferenced object 0xffff0000d55d7080 (size 128): comm "kworker/u8:2", pid 56, jiffies 4294893188 (age 214.272s) hex dump (first 32 bytes): 72 70 6d 73 67 5f 6e 73 00 00 00 00 00 00 00 00 rpmsg_ns........ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] __kmem_cache_alloc_node+0x1f8/0x320 [] __kmalloc_node_track_caller+0x44/0x70 [] kstrndup+0x4c/0x90 [] driver_set_override+0xd0/0x164 [] rpmsg_register_device_override+0x98/0x170 [] rpmsg_ns_register_device+0x24/0x30 [] rpmsg_probe+0x2e0/0x3ec [] virtio_dev_probe+0x1c0/0x280 [] really_probe+0xbc/0x2dc [] __driver_probe_device+0x78/0xe0 [] driver_probe_device+0xd8/0x160 [] __device_attach_driver+0xb8/0x140 [] bus_for_each_drv+0x7c/0xd4 [] __device_attach+0x9c/0x19c [] device_initial_probe+0x14/0x20 [] bus_probe_device+0xa0/0xac

Severity CVSS v4.0: Pending analysis

Last modification:

23/12/2025

CVE-2023-52672

Publication date:

17/05/2024

In the Linux kernel, the following vulnerability has been resolved: pipe: wakeup wr_wait after setting max_usage Commit c73be61cede5 ("pipe: Add general notification queue support") a regression was introduced that would lock up resized pipes under certain conditions. See the reproducer in [1]. The commit resizing the pipe ring size was moved to a different function, doing that moved the wakeup for pipe->wr_wait before actually raising pipe->max_usage. If a pipe was full before the resize occured it would result in the wakeup never actually triggering pipe_write. Set @max_usage and @nr_accounted before waking writers if this isn&#39;t a watch queue. [Christian Brauner : rewrite to account for watch queues]

Severity CVSS v4.0: Pending analysis

Last modification:

23/12/2025

CVE-2023-52665

Publication date:

17/05/2024

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity CVSS v4.0: Pending analysis

Last modification:

21/05/2024

CVE-2023-52666

Publication date:

17/05/2024

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity CVSS v4.0: Pending analysis

Last modification:

12/06/2024

CVE-2023-52667

Publication date:

17/05/2024

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a potential double-free in fs_any_create_groups When kcalloc() for ft->g succeeds but kvzalloc() for in fails, fs_any_create_groups() will free ft->g. However, its caller fs_any_create_table() will free ft->g again through calling mlx5e_destroy_flow_table(), which will lead to a double-free. Fix this by setting ft->g to NULL in fs_any_create_groups().

Severity CVSS v4.0: Pending analysis

Last modification:

10/01/2025

CVE-2023-52668

Publication date:

17/05/2024

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix lock ordering in btrfs_zone_activate() The btrfs CI reported a lockdep warning as follows by running generic generic/129. WARNING: possible circular locking dependency detected 6.7.0-rc5+ #1 Not tainted ------------------------------------------------------ kworker/u5:5/793427 is trying to acquire lock: ffff88813256d028 (&cache->lock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x5e/0x130 but task is already holding lock: ffff88810a23a318 (&fs_info->zone_active_bgs_lock){+.+.}-{2:2}, at: btrfs_zone_finish_one_bg+0x34/0x130 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #1 (&fs_info->zone_active_bgs_lock){+.+.}-{2:2}: ... -> #0 (&cache->lock){+.+.}-{2:2}: ... This is because we take fs_info->zone_active_bgs_lock after a block_group&#39;s lock in btrfs_zone_activate() while doing the opposite in other places. Fix the issue by expanding the fs_info->zone_active_bgs_lock&#39;s critical section and taking it before a block_group&#39;s lock.

Severity CVSS v4.0: Pending analysis

Last modification:

19/09/2025

CVE-2023-52669

Publication date:

17/05/2024

In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes - Fix buffer overread in CTR mode When processing the last block, the s390 ctr code will always read a whole block, even if there isn&#39;t a whole block of data left. Fix this by using the actual length left and copy it into a buffer first for processing.

Severity CVSS v4.0: Pending analysis

Last modification:

23/12/2025

CVE-2023-52661

Publication date:

17/05/2024

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() If clk_get_sys(..., "pll_d2_out0") fails, the clk_get_sys() call must be undone. Add the missing clk_put and a new &#39;put_pll_d_out0&#39; label in the error handling path, and use it.

Severity CVSS v4.0: Pending analysis

Last modification:

19/09/2025

CVE-2023-52662

Publication date:

17/05/2024

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node When ida_alloc_max fails, resources allocated before should be freed, including *res allocated by kmalloc and ttm_resource_init.

Severity CVSS v4.0: Pending analysis

Last modification:

14/01/2025

CVE-2023-52663

Publication date:

17/05/2024

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() Driver uses kasprintf() to initialize fw_{code,data}_bin members of struct acp_dev_data, but kfree() is never called to deallocate the memory, which results in a memory leak. Fix the issue by switching to devm_kasprintf(). Additionally, ensure the allocation was successful by checking the pointer validity.

Severity CVSS v4.0: Pending analysis

Last modification:

07/01/2025

Subscribe to Vulnerabilities