Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-3707

Publication date:
06/03/2023
A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a failure in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2025

CVE-2022-3424

Publication date:
06/03/2023
A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025

CVE-2021-36402

Publication date:
06/03/2023
In Moodle, users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2025

CVE-2021-36403

Publication date:
06/03/2023
In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2025

CVE-2022-3277

Publication date:
06/03/2023
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2025

CVE-2008-10004

Publication date:
06/03/2023
A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to SQL injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The patch is identified as 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2019-8720

Publication date:
06/03/2023
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2025

CVE-2023-26601

Publication date:
06/03/2023
Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS).
Severity CVSS v4.0: Pending analysis
Last modification:
13/03/2023

CVE-2023-24217

Publication date:
06/03/2023
AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025

CVE-2022-42248

Publication date:
06/03/2023
QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2025

CVE-2021-36397

Publication date:
06/03/2023
In Moodle, insufficient capability checks meant message deletions were not limited to the current user.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2025

CVE-2021-36398

Publication date:
06/03/2023
In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2025