Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are available: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2015-10064

Publication date:
17/01/2023
A vulnerability was found in VictorFerraresi pokemon-database-php. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The patch is named dd0e1e6cdf648d6a3deff441f515bcb1d7573d68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218455.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2022-47853

Publication date:
17/01/2023
TOTOlink A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection Vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025

CVE-2022-3650

Publication date:
17/01/2023
A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump, and dump privileged information.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2015-10062

Publication date:
17/01/2023
A vulnerability, which was classified as problematic, was found in galaxy-data-resource up to 14.10.0. This affects an unknown part of the component Command Line Template. The manipulation leads to injection. Upgrading to version 14.10.1 is able to address this issue. The patch is named 50d65f45d3f5be5d1fbff2e45ac5cec075f07d42. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218451.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2022-41858

Publication date:
17/01/2023
A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2025

CVE-2022-41859

Publication date:
17/01/2023
In freeradius, the EAP-PWD function compute_password_element() leaks information about the password which allows an attacker to substantially reduce the size of an offline dictionary attack.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2022-41860

Publication date:
17/01/2023
In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2022-41861

Publication date:
17/01/2023
A flaw was found in freeradius. A malicious RADIUS client or home server can send a malformed abinary attribute which can cause the server to crash.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2022-4121

Publication date:
17/01/2023
In libetpan a null pointer dereference in mailimap_mailbox_data_status_free in low-level/imap/mailimap_types.c was found that could lead to a remote denial of service or other potential consequences.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2018-14628

Publication date:
17/01/2023
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
Severity CVSS v4.0: Pending analysis
Last modification:
22/01/2025

CVE-2022-3091

Publication date:
17/01/2023
RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. In some circumstances, an attacker can exploit this vulnerability to execute operating system (OS) commands.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-2893

Publication date:
17/01/2023
RONDS EPM version 1.19.5 does not properly validate the filename parameter, which could allow an unauthorized user to specify file paths and download files.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023