Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-4041
Publication date:
31/01/2023
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.<br /> This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-4441
Publication date:
31/01/2023
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.<br /> This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-44897
Publication date:
31/01/2023
A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the show_number parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2022-30421
Publication date:
31/01/2023
Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 is that allows for sensitive information to be obtained via(local) password authentication module.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2025

CVE-2022-40258
Publication date:
31/01/2023
AMI Megarac Weak password hashes for<br /> Redfish &amp; API
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2022-48176
Publication date:
31/01/2023
Netgear routers R7000P before v1.3.3.154, R6900P before v1.3.3.154, R7960P before v1.4.4.94, and R8000P before v1.4.4.94 were discovered to contain a pre-authentication stack overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2025

CVE-2022-45897
Publication date:
31/01/2023
On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2025

CVE-2023-22389
Publication date:
30/01/2023
<br /> Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore–&gt;Backup Settings, which could be read by any user accessing the file.  <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-23582
Publication date:
30/01/2023
<br /> Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely. <br /> <br /> <br /> <br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-32529
Publication date:
30/01/2023
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow, potentially leading to remote code execution when an attacker sends specially crafted log data request messages. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)
Severity CVSS v4.0: Pending analysis
Last modification:
08/02/2023

CVE-2022-32528
Publication date:
30/01/2023
<br /> A CWE-306: Missing Authentication for Critical Function vulnerability exists that could<br /> cause access to manipulate and read specific files in the IGSS project report directory,<br /> potentially leading to a denial-of-service condition when an attacker sends specific messages.<br /> <br /> Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22170)<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2023

CVE-2022-48175
Publication date:
30/01/2023
Rukovoditel v3.2.1 was discovered to contain a remote code execution (RCE) vulnerability in the component /rukovoditel/index.php?module=dashboard/ajax_request.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2025
Subscribe to Vulnerabilities