Vulnerabilities

To inform, warn and help professionals deal with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-32019

Publication date:
02/06/2022
Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2022

CVE-2022-26944

Publication date:
02/06/2022
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2022

CVE-2022-29597

Publication date:
02/06/2022
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the file contents of the internal system file requested. This ability could allow for adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access source code of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2022

CVE-2022-26497

Publication date:
02/06/2022
BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously.
Severity CVSS v4.0: Pending analysis
Last modification:
04/05/2023

CVE-2021-45981

Publication date:
02/06/2022
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack.
Severity CVSS v4.0: Pending analysis
Last modification:
13/06/2022

CVE-2021-38221

Publication date:
02/06/2022
bbs-go
Severity CVSS v4.0: Pending analysis
Last modification:
10/06/2022

CVE-2022-1982

Publication date:
02/06/2022
Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2022

CVE-2022-1979

Publication date:
02/06/2022
A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input alert(1) leads to cross site scripting. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-1980

Publication date:
02/06/2022
A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input alert(1) leads to cross site scripting. The attack may be initiated remotely but requires authentication. Exploit details have been disclosed to the public.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-45982

Publication date:
02/06/2022
NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user.
Severity CVSS v4.0: Pending analysis
Last modification:
11/06/2022

CVE-2022-1716

Publication date:
02/06/2022
Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2021-45983

Publication date:
02/06/2022
NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023