Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-29272
Publication date:
29/06/2022
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing.
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2022

CVE-2022-28803
Publication date:
29/06/2022
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR).
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2022

CVE-2022-31266
Publication date:
29/06/2022
In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts.
Severity CVSS v4.0: Pending analysis
Last modification:
20/03/2025

CVE-2022-29269
Publication date:
29/06/2022
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-29270
Publication date:
29/06/2022
In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-29271
Publication date:
29/06/2022
In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-32532
Publication date:
29/06/2022
Apache Shiro before 1.9.1, A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2022

CVE-2022-31887
Publication date:
28/06/2022
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2022

CVE-2022-31884
Publication date:
28/06/2022
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-25238
Publication date:
28/06/2022
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side contig is not set to true in project code.
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2022

CVE-2022-29858
Publication date:
28/06/2022
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2022

CVE-2020-19896
Publication date:
28/06/2022
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitary PHP code via post-edit.php.
Severity CVSS v4.0: Pending analysis
Last modification:
08/07/2022
Subscribe to Vulnerabilities