Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-31466

Publication date:
23/05/2022
Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. This is achieved by exploiting the time between detecting a file as malicious and performing the quarantine or clean action, and using that time to replace the malicious file with a symlink.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-28944

Publication date:
23/05/2022
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4, Remote Installer for Windows 6.0.13, Ping Monitor for Windows 8.0.18, Remote Shutdown for Windows 7.2.2, WakeOnLan 2.0.8, Network Inventory for Windows 5.8.22, Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process.
Severity CVSS v4.0: Pending analysis
Last modification:
07/06/2022

CVE-2022-30016

Publication date:
23/05/2022
Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2022

CVE-2022-30017

Publication date:
23/05/2022
Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2022

CVE-2022-29004

Publication date:
23/05/2022
Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2022-29005

Publication date:
23/05/2022
Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2022-30014

Publication date:
23/05/2022
Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF), which allows anyone to take over an admin/moderator account.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2022

CVE-2022-28932

Publication date:
23/05/2022
D-Link DSL-G2452DG HW:T1 FW:ME_2.00 was discovered to contain insecure permissions.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2024

CVE-2021-41714

Publication date:
23/05/2022
In Tipask
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2022

CVE-2022-1811

Publication date:
23/05/2022
Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.
Severity CVSS v4.0: Pending analysis
Last modification:
27/06/2023

CVE-2022-0900

Publication date:
23/05/2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from unspecified before v.4.6.2.0.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2024

CVE-2022-28998

Publication date:
23/05/2022
Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2022