Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-42641

Publication date:

02/02/2022

PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability that allows an unauthenticated attacker to disclose the username and email address of all users.

Severity CVSS v4.0: Pending analysis

Last modification:

08/02/2022

CVE-2021-42640

Publication date:

02/02/2022

Severity CVSS v4.0: Pending analysis

Last modification:

08/02/2022

CVE-2022-22510

Publication date:

02/02/2022

Codesys Profinet in version V4.2.0.0 is prone to null pointer dereference that allows a denial of service (DoS) attack of an unauthenticated user via SNMP.

Severity CVSS v4.0: Pending analysis

Last modification:

04/02/2022

CVE-2022-22509

Publication date:

02/02/2022

In Phoenix Contact FL SWITCH Series 2xxx in version 3.00 an incorrect privilege assignment allows an low privileged user to enable full access to the device configuration.

Severity CVSS v4.0: Pending analysis

Last modification:

05/02/2022

CVE-2022-21817

Publication date:

02/02/2022

NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other security domains, which may lead to code execution, escalation of privileges, and impact to confidentiality and integrity.

Severity CVSS v4.0: Pending analysis

Last modification:

24/07/2023

CVE-2021-41018

Publication date:

02/02/2022

A improper neutralization of special elements used in an os command (&#39;os command injection&#39;) in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.

Severity CVSS v4.0: Pending analysis

Last modification:

04/02/2022

CVE-2021-39066

Publication date:

02/02/2022

IBM Financial Transaction Manager 3.2.4 does not invalidate session any existing session identifier gives an attacker the opportunity to steal authenticated sessions. IBM X-Force ID: 215040.

Severity CVSS v4.0: Pending analysis

Last modification:

05/02/2022

CVE-2021-39044

Publication date:

02/02/2022

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 214210.

Severity CVSS v4.0: Pending analysis

Last modification:

05/02/2022

CVE-2021-39070

Publication date:

02/02/2022

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control authentication service enabled could allow an attacker to authenticate as any user on the system. IBM X-Force ID: 215353.

Severity CVSS v4.0: Pending analysis

Last modification:

12/07/2022

CVE-2022-21724

Publication date:

02/02/2022

pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue.

Severity CVSS v4.0: Pending analysis

Last modification:

05/05/2025

CVE-2022-0366

Publication date:

02/02/2022

An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1.

Severity CVSS v4.0: Pending analysis

Last modification:

08/08/2023

CVE-2020-26208

Publication date:

02/02/2022

JHEAD is a simple command line tool for displaying and some manipulation of EXIF header data embedded in Jpeg images from digital cameras. In affected versions there is a heap-buffer-overflow on jhead-3.04/jpgfile.c:285 ReadJpegSections. Crafted jpeg images can be provided to the user resulting in a program crash or potentially incorrect exif information retrieval. Users are advised to upgrade. There is no known workaround for this issue.

Severity CVSS v4.0: Pending analysis

Last modification:

05/05/2025

Subscribe to Vulnerabilities