Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-40180
Publication date:
11/10/2022
A vulnerability has been identified in Desigo PXM30-1 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2022

CVE-2022-40179
Publication date:
11/10/2022
A vulnerability has been identified in Desigo PXM30-1 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2022

CVE-2022-40178
Publication date:
11/10/2022
A vulnerability has been identified in Desigo PXM30-1 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
12/10/2022

CVE-2022-40227
Publication date:
11/10/2022
A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl. SIPLUS variants) (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022

CVE-2022-40631
Publication date:
11/10/2022
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022

CVE-2022-40181
Publication date:
11/10/2022
A vulnerability has been identified in Desigo PXM30-1 (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2023

CVE-2022-40226
Publication date:
11/10/2022
A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
09/12/2025

CVE-2022-36360
Publication date:
11/10/2022
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2023

CVE-2022-31766
Publication date:
11/10/2022
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2025

CVE-2022-31765
Publication date:
11/10/2022
Affected devices do not properly authorize the change password function of the web interface.<br /> This could allow low privileged users to escalate their privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2023

CVE-2022-37616
Publication date:
11/10/2022
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted."
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2023

CVE-2022-35289
Publication date:
11/10/2022
A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected.
Severity CVSS v4.0: Pending analysis
Last modification:
11/10/2022
Subscribe to Vulnerabilities