Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible, with different criteria available to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-25245

Publication date: 05/04/2022
Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name.
Severity CVSS v4.0: Pending analysis
Last modification: 08/08/2023

CVE-2022-1244

Publication date: 05/04/2022
Heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.
Severity CVSS v4.0: Pending analysis
Last modification: 15/04/2022

CVE-2022-28650

Publication date: 05/04/2022
In JetBrains YouTrack before 2022.1.43700 it was possible to inject JavaScript into Markdown in the YouTrack Classic UI.
Severity CVSS v4.0: Pending analysis
Last modification: 18/04/2022

CVE-2022-28649

Publication date: 05/04/2022
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description.
Severity CVSS v4.0: Pending analysis
Last modification: 18/04/2022

CVE-2022-28651

Publication date: 05/04/2022
In JetBrains IntelliJ IDEA before 2021.3.3 it was possible to get passwords from protected fields.
Severity CVSS v4.0: Pending analysis
Last modification: 18/04/2022

CVE-2022-26630

Publication date: 05/04/2022
Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via \app.\admin\Controllers\db.php.
Severity CVSS v4.0: Pending analysis
Last modification: 15/04/2022

CVE-2022-28648

Publication date: 05/04/2022
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered.
Severity CVSS v4.0: Pending analysis
Last modification: 18/04/2022

CVE-2022-22355

Publication date: 05/04/2022
IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application, which could allow an attacker to cause a drop in performance.
Severity CVSS v4.0: Pending analysis
Last modification: 18/04/2022

CVE-2022-22356

Publication date: 05/04/2022
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487.
Severity CVSS v4.0: Pending analysis
Last modification: 18/04/2022

CVE-2022-26635

Publication date: 05/04/2022
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CRLF injection. Note: Third parties have disputed this as not affecting PHP-Memcached directly.
Severity CVSS v4.0: Pending analysis
Last modification: 03/08/2024

CVE-2022-27462

Publication date: 05/04/2022
Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php.
Severity CVSS v4.0: Pending analysis
Last modification: 12/04/2022

CVE-2022-27463

Publication date: 05/04/2022
Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6 allows attackers to arbitrarily redirect users from a crafted URL to the login page.
Severity CVSS v4.0: Pending analysis
Last modification: 12/04/2022