Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-45798
Publication date:
24/12/2022
A link following vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges by creating a symbolic link and abusing the service to delete a file.<br /> <br /> Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-43860
Publication date:
24/12/2022
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information they are authorized to but not while using this interface. By performing an SQL injection an attacker could see user profile attributes through this interface. IBM X-Force ID: 239305.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-22449
Publication date:
24/12/2022
IBM Security Verify Governance, Identity Manager 10.01 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 224915.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-38658
Publication date:
24/12/2022
BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator&amp;#39;s sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-47633
Publication date:
23/12/2022
An image signature validation bypass vulnerability in Kyverno 1.8.3 and 1.8.4 allows a malicious image registry (or a man-in-the-middle attacker) to inject unsigned arbitrary container images into a protected Kubernetes cluster. This is fixed in 1.8.5. This has been fixed in 1.8.5 and mitigations are available for impacted releases.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-40011
Publication date:
23/12/2022
Typora through 1.3.8 allows XSS if a document containing an SVG element with an attacker-controlled onload attribute is exported and then used at a victim&amp;#39;s origin.
Severity CVSS v4.0: Pending analysis
Last modification:
23/02/2026

CVE-2022-28228
Publication date:
23/12/2022
Out-of-bounds read was discovered in YDB server. An attacker could construct a query with insert statement that would allow him to read sensitive information from other memory locations or cause a crash.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-47946
Publication date:
23/12/2022
An issue was discovered in the Linux kernel 5.10.x before 5.10.155. A use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the kernel, resulting in denial of service. finish_wait can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. NOTE: later kernel versions, such as the 5.15 longterm series, substantially changed the implementation of io_sqpoll_wait_sq.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-28229
Publication date:
23/12/2022
The hash functionality in userver before 42059b6319661583b3080cab9b595d4f8ac48128 allows attackers to cause a denial of service via crafted HTTP request, involving collisions.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-23854
Publication date:
23/12/2022
AVEVA InTouch Access Anywhere versions 2020 R2 and older are vulnerable to a path traversal exploit that could allow an unauthenticated user with network access to read files on the system outside of the secure gateway web server.
Severity CVSS v4.0: Pending analysis
Last modification:
13/02/2025

CVE-2022-47945
Publication date:
23/12/2022
ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.
Severity CVSS v4.0: Pending analysis
Last modification:
15/04/2025

CVE-2022-43848
Publication date:
23/12/2022
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. IBM X-Force ID: 239169.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities