Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-38075

Publication date:
18/11/2022
Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in Mantenimiento web plugin
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2022

CVE-2022-38974

Publication date:
18/11/2022
Broken Access Control vulnerability in WPML Multilingual CMS premium plugin
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2022

CVE-2022-44379

Publication date:
18/11/2022
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-44378

Publication date:
18/11/2022
Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025

CVE-2022-45474

Publication date:
18/11/2022
drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-45473

Publication date:
18/11/2022
In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025

CVE-2022-44204

Publication date:
18/11/2022
D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025

CVE-2022-45471

Publication date:
18/11/2022
In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2022

CVE-2022-24038

Publication date:
18/11/2022
Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2024

CVE-2022-24037

Publication date:
18/11/2022
Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2022-43308

Publication date:
18/11/2022
INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025

CVE-2022-24939

Publication date:
18/11/2022
A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023