Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-47946

Publication date:
23/12/2022
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-28229

Publication date:
23/12/2022
The hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers to cause a denial of service via a crafted HTTP request, involving collisions.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-23854

Publication date:
23/12/2022
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2022-47945

Publication date:
23/12/2022
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-43848

Publication date:
23/12/2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-41290

Publication date:
23/12/2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the rm_rlcache_file command to obtain root privileges. IBM X-Force ID: 236690.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-39164

Publication date:
23/12/2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 235181.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-4692

Publication date:
23/12/2022
Cross-site Scripting (XSS) - Stored in GitHub repository usememos/memos prior to 0.9.0.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2022

CVE-2022-43849

Publication date:
23/12/2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-45715

Publication date:
23/12/2022
IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the pLanPortRange and pWanPortRange parameters in the formSetPortMapping function.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-45720

Publication date:
23/12/2022
IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple buffer overflows via the ip, mac, and remark parameters in the formIPMacBindModify function.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-45719

Publication date:
23/12/2022
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the gotoUrl parameter in the formPortalAuth function.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025