Vulnerabilities

With the aim of informing, warning and helping professionals about the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

Occasionally this list will show vulnerabilities that have not yet been translated, as entries are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to their information sources, as well as to any available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2026-9813

Publication date:
28/05/2026
FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specified destination. Due to insufficient validation of the URL scheme and resolved destination address, affected versions may allow requests to loopback, link-local, private, reserved, or other restricted network resources, potentially enabling interaction with internal services or cloud metadata endpoints from the server's network context.
Severity CVSS v4.0: MEDIUM
Last modification:
04/06/2026

CVE-2026-46241

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:

spi: mpc52xx: fix use-after-free on registration failure

Make sure to disable and free the interrupts in case controller registration fails to avoid a potential use-after-free and resource leak.

This issue was flagged by Sashiko when reviewing a controller deregistration fix.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46240

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:

media: iris: Fix use-after-free in iris_release_internal_buffers()

The recent change in commit 1dabf00ee206 ("media: iris: gen1: Destroy internal buffers after FW releases") introduced a regression where session_release_buf() may free the buffer. The caller, iris_release_internal_buffers(), continued to access `buffer` after the call, leading to a potential use-after-free.

Fix this by setting BUF_ATTR_PENDING_RELEASE before calling session_release_buf(), and reverting the flag if the call fails. This ensures no dereference occurs after potential freeing.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46239

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:

media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl

Three control cases (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) directly return without calling pm_runtime_put(), causing runtime PM reference count leaks.

Change these cases from 'return' to the 'ret = ... break' pattern to ensure pm_runtime_put() is always called before function exit.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46238

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:

batman-adv: stop caching unowned originator pointers in BAT IV

BAT IV keeps the last-hop neighbor address in each neigh_node, but some paths also cache an originator pointer derived from a temporary lookup. That pointer is not owned by the neigh_node and may no longer refer to a live originator entry after purge handling runs.

Stop storing the auxiliary originator pointer in the BAT IV neighbor state. When BAT IV needs the neighbor originator data, resolve it from the stored neighbor address and drop the reference again after use.

[sven: avoid bonding logic for outgoing OGM]
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46236

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:

media: rc: xbox_remote: heed DMA restrictions

The buffer for IO must not be part of the device structure because that violates the DMA coherency rules.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46235

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:

media: saa7164: add ioremap return checks and cleanups

Add checks for ioremap return values in saa7164_dev_setup(). If ioremap for BAR0 or BAR2 fails, release the already allocated PCI memory regions, remove the device from the global list, decrement the device count, and return -ENODEV.

This prevents potential null pointer dereferences and ensures proper cleanup on memory mapping failures.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46234

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:

vsock: fix buffer size clamping order

In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check overrides the maximum check, inverting the constraint.

This breaks the intended socket memory boundaries by allowing the vsk->buffer_size to grow beyond the configured vsk->buffer_max_size.

Fix this by checking the minimum first, and then the maximum. This ensures the buffer size never exceeds the buffer_max_size.
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026

CVE-2026-46237

Publication date:
28/05/2026
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2026

CVE-2026-4377

Publication date:
28/05/2026
Dlink DWR-X1820 router uses a weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number.

This issue was fixed in version 1.00B16CP.
Severity CVSS v4.0: MEDIUM
Last modification:
28/05/2026

CVE-2026-47074

Publication date:
28/05/2026
Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (ExAws.SNS, ExAws.SNS.PublicKeyCache modules) allows Signature Spoofing by Improper Validation.

This vulnerability is associated with program files lib/ex_aws/sns.ex, lib/ex_aws/sns/public_key_cache.ex and program routines 'Elixir.ExAws.SNS':verify_message/1, 'Elixir.ExAws.SNS.PublicKeyCache':get/1.

'Elixir.ExAws.SNS':verify_message/1 fetches the signing certificate from the SigningCertURL field of the incoming SNS message without validating that the URL uses HTTPS or that the host matches an AWS-owned SNS certificate domain. An unauthenticated attacker who can POST to an endpoint that calls verify_message/1 can supply an attacker-controlled SigningCertURL, sign a forged SNS message with their own key, and cause the function to return :ok, completely bypassing SNS signature verification.

This issue affects ex_aws_sns: from 2.0.1 before 2.3.5.
Severity CVSS v4.0: HIGH
Last modification:
29/05/2026

CVE-2026-46224

Publication date:
28/05/2026
In the Linux kernel, the following vulnerability has been resolved:

drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure

When drm_gpuvm_resv_object_alloc() fails, the pre-allocated storage bo is not freed. Add xe_bo_free(storage) before returning the error.

xe_dma_buf_init_obj() calls xe_bo_init_locked(), which frees the bo on error. Therefore, xe_dma_buf_init_obj() must also free the bo on its own error paths. Otherwise, since xe_gem_prime_import() cannot distinguish whether the failure originated from xe_dma_buf_init_obj() or from xe_bo_init_locked(), it cannot safely decide whether the bo should be freed.

Add comments documenting the ownership semantics: on success, ownership of storage is transferred to the returned drm_gem_object; on failure, storage is freed before returning.

v2: Add comments to explain the free logic.

(cherry picked from commit 78a6c5f899f22338bbf48b44fb8950409c5a69b9)
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2026