Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2023-1212
Publication date:
07/03/2023
Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2.
Severity CVSS v4.0: Pending analysis
Last modification:
11/03/2023

CVE-2017-20181
Publication date:
07/03/2023
A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0 on Android. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2023-1211
Publication date:
07/03/2023
SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2.
Severity CVSS v4.0: Pending analysis
Last modification:
16/02/2026

CVE-2022-45141
Publication date:
06/03/2023
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025

CVE-2023-0330
Publication date:
06/03/2023
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.
Severity CVSS v4.0: Pending analysis
Last modification:
19/04/2024

CVE-2022-4134
Publication date:
06/03/2023
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025

CVE-2022-45142
Publication date:
06/03/2023
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025

CVE-2022-3854
Publication date:
06/03/2023
A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025

CVE-2023-27891
Publication date:
06/03/2023
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.
Severity CVSS v4.0: Pending analysis
Last modification:
14/03/2023

CVE-2022-3857
Publication date:
06/03/2023
Rejected reason: Maintainer contacted. This is a false-positive. The flaw does not actually exist and was erroneously tested.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2024

CVE-2022-4904
Publication date:
06/03/2023
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
02/12/2025

CVE-2021-20251
Publication date:
06/03/2023
A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2023
Subscribe to Vulnerabilities