Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-52677

Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:
riscv: Check if the code to patch lies in the exit section
Otherwise we fall through to vmalloc_to_page() which panics since the address does not lie in the vmalloc region.
Severity CVSS v4.0: Pending analysis
Last modification:
25/09/2025

CVE-2024-5049

Publication date:
17/05/2024
A vulnerability, which was classified as critical, has been found in Codezips E-Commerce Site 1.0. Affected by this issue is some unknown functionality of the file admin/editproduct.php. The manipulation of the argument profilepic leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264746 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2024-5050

Publication date:
17/05/2024
A vulnerability, which was classified as critical, was found in Wangshen SecGate 3600 up to 20240516. This affects an unknown part of the file /?g=log_import_save. The manipulation of the argument reqfile leads to unrestricted upload. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-264747.
Severity CVSS v4.0: Pending analysis
Last modification:
04/06/2024

CVE-2024-5042

Publication date:
17/05/2024
A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster.
Severity CVSS v4.0: Pending analysis
Last modification:
17/07/2024

CVE-2024-5047

Publication date:
17/05/2024
A vulnerability classified as critical has been found in SourceCodester Student Management System 1.0. Affected is an unknown function of the file /student/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264744.
Severity CVSS v4.0: MEDIUM
Last modification:
10/02/2025

CVE-2024-5048

Publication date:
17/05/2024
A vulnerability classified as critical was found in code-projects Budget Management 1.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument edit leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264745 was assigned to this vulnerability.
Severity CVSS v4.0: MEDIUM
Last modification:
03/03/2025

CVE-2024-35834

Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:
xsk: recycle buffer in case Rx queue was full
Add missing xsk_buff_free() call when __xsk_rcv_zc() failed to produce descriptor to XSK Rx queue.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2025

CVE-2024-35835

Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: fix a double-free in arfs_create_groups
When `in` allocated by kvzalloc fails, arfs_create_groups will free ft->g and return an error. However, arfs_create_table, the only caller of arfs_create_groups, will hold this error and call to mlx5e_destroy_flow_table, in which the ft->g will be freed again.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2025

CVE-2024-35836

Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:
dpll: fix pin dump crash for rebound module
When a kernel module is unbound but the pin resources were not entirely freed (other kernel module instance of the same PCI device have had kept the reference to that pin), and kernel module is again bound, the pin properties would not be updated (the properties are only assigned when memory for the pin is allocated), prop pointer still points to the kernel module memory of the kernel module which was deallocated on the unbind.
If the pin dump is invoked in this state, the result is a kernel crash. Prevent the crash by storing persistent pin properties in dpll subsystem, copy the content from the kernel module when pin is allocated, instead of using memory of the kernel module.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2025

CVE-2024-35838

Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: fix potential sta-link leak
When a station is allocated, links are added but not set to valid yet (e.g. during connection to an AP MLD), we might remove the station without ever marking links valid, and leak them. Fix that.
Severity CVSS v4.0: Pending analysis
Last modification:
19/09/2025

CVE-2024-35837

Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:
net: mvpp2: clear BM pool before initialization
Register value persist after booting the kernel using kexec which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2025

CVE-2024-35829

Publication date:
17/05/2024
In the Linux kernel, the following vulnerability has been resolved:
drm/lima: fix a memleak in lima_heap_alloc
When lima_vm_map_bo fails, the resources need to be deallocated, or there will be memleaks.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2025