Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-46719
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: typec: ucsi: Fix null pointer dereference in trace<br /> <br /> ucsi_register_altmode checks IS_ERR for the alt pointer and treats<br /> NULL as valid. When CONFIG_TYPEC_DP_ALTMODE is not enabled,<br /> ucsi_register_displayport returns NULL which causes a NULL pointer<br /> dereference in trace. Rather than return NULL, call<br /> typec_port_register_altmode to register DisplayPort alternate mode<br /> as a non-controllable mode when CONFIG_TYPEC_DP_ALTMODE is not enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46720
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: fix dereference after null check<br /> <br /> check the pointer hive before use.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46722
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: fix mc_data out-of-bounds read warning<br /> <br /> Clear warning that read mc_data[i-1] may out-of-bounds.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46723
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: fix ucode out-of-bounds read warning<br /> <br /> Clear warning that read ucode[] may out-of-bounds.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46724
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number<br /> <br /> Check the fb_channel_number range to avoid the array out-of-bounds<br /> read error
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-46726
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amd/display: Ensure index calculation will not overflow<br /> <br /> [WHY &amp; HOW]<br /> Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will<br /> never overflow and exceess array size.<br /> <br /> This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2024-43778
Publication date:
18/09/2024
OS command injection vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-46715
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> driver: iio: add missing checks on iio_info&amp;#39;s callback access<br /> <br /> Some callbacks from iio_info structure are accessed without any check, so<br /> if a driver doesn&amp;#39;t implement them trying to access the corresponding<br /> sysfs entries produce a kernel oops such as:<br /> <br /> [ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute<br /> [...]<br /> [ 2203.783416] Call trace:<br /> [ 2203.783429] iio_read_channel_info_avail from dev_attr_show+0x18/0x48<br /> [ 2203.789807] dev_attr_show from sysfs_kf_seq_show+0x90/0x120<br /> [ 2203.794181] sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4<br /> [ 2203.798555] seq_read_iter from vfs_read+0x238/0x2a0<br /> [ 2203.802236] vfs_read from ksys_read+0xa4/0xd4<br /> [ 2203.805385] ksys_read from ret_fast_syscall+0x0/0x54<br /> [ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0)<br /> [ 2203.812880] dfa0: 00000003 b6f10f80 00000003 b6eab000 00020000 00000000<br /> [ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000<br /> [ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0<br /> [ 2203.830363] Code: bad PC value<br /> [ 2203.832695] ---[ end trace 0000000000000000 ]---
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2026

CVE-2024-46725
Publication date:
18/09/2024
In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/amdgpu: Fix out-of-bounds write warning<br /> <br /> Check the ring type value to fix the out-of-bounds<br /> write warning
Severity CVSS v4.0: Pending analysis
Last modification:
21/04/2026

CVE-2024-41929
Publication date:
18/09/2024
Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2026

CVE-2024-42404
Publication date:
18/09/2024
SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2025

CVE-2024-45366
Publication date:
18/09/2024
Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user&amp;#39;s web browser.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2025
Subscribe to Vulnerabilities