Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-44175

Publication date:
21/11/2022
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-43117

Publication date:
21/11/2022
Sourcecodester Password Storage Application in PHP/OOP and MySQL 1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Name, Username, Description and Site Feature parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-40746

Publication date:
21/11/2022
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-45422

Publication date:
21/11/2022
When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2025

CVE-2022-38755

Publication date:
21/11/2022
A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-35897

Publication date:
21/11/2022
A stack buffer overflow vulnerability leading to arbitrary code execution was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. If the attacker modifies specific UEFI variables, it can cause a stack overflow, leading to arbitrary code execution. The specific variables are normally locked (read-only) at the OS level and therefore an attack would require direct SPI modification. If an attacker can change the values of at least two variables out of three (SecureBootEnforce, SecureBoot, RestoreBootSettings), it is possible to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025

CVE-2022-45470

Publication date:
21/11/2022
Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-40129

Publication date:
21/11/2022
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.0.1.12430. A specially-crafted PDF document can trigger the reuse of previously freed memory via misusing Optional Content Group API, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
22/11/2022

CVE-2022-40470

Publication date:
21/11/2022
Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-44156

Publication date:
21/11/2022
Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetIpMacBind.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-44158

Publication date:
21/11/2022
Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function set_device_name.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-44163

Publication date:
21/11/2022
Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025