Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-3515

Publication date:
12/01/2023
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2025

CVE-2022-2155

Publication date:
12/01/2023
A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports feature. An attacker that manages to exploit the vulnerability on a customer’s Lumada APM could access unauthorized information by gaining unauthorized access to any Power BI reports installed by the customer.
Furthermore, the vulnerability enables an attacker to manipulate asset issue comments on assets, which should not be available to the attacker.
Affected versions:
* Lumada APM on-premises version 6.0.0.0 - 6.4.0.*
List of CPEs:
* cpe:2.3:a:hitachienergy:lumada_apm:6.0.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.1.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.2.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.3.0.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:lumada_apm:6.4.0.0:*:*:*:*:*:*:*
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-23455

Publication date:
12/01/2023
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2025

CVE-2023-23454

Publication date:
12/01/2023
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2025

CVE-2022-47927

Publication date:
12/01/2023
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2025

CVE-2022-24913

Publication date:
12/01/2023
Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2025

CVE-2022-4365

Publication date:
12/01/2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak the sentry token by changing the configured URL in the Sentry error tracking settings page.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2025

CVE-2023-0042

Publication date:
12/01/2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2025

CVE-2022-4167

Publication date:
12/01/2023
Incorrect Authorization check affecting all versions of GitLab EE from 13.11 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2 allows group access tokens to continue working even after the group owner loses the ability to revoke them.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2025

CVE-2022-4342

Publication date:
12/01/2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing the target URL of the webhook.
Severity CVSS v4.0: Pending analysis
Last modification:
18/01/2023

CVE-2022-4131

Publication date:
12/01/2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2025

CVE-2022-4345

Publication date:
12/01/2023
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allow denial of service via packet injection or a crafted capture file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025