Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-27508
Publication date:
26/01/2023
Unauthenticated denial of service
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2022-29843
Publication date:
26/01/2023
A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2023

CVE-2022-29844
Publication date:
26/01/2023
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2023

CVE-2022-26329
Publication date:
26/01/2023
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-25927
Publication date:
26/01/2023
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2022-25962
Publication date:
26/01/2023
All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2022-25860
Publication date:
26/01/2023
Versions of the package simple-git before 3.16.0 are vulnerable to Remote Code Execution (RCE) via the clone(), pull(), push() and listRemote() methods, due to improper input sanitization.<br /> This vulnerability exists due to an incomplete fix of [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2022-25882
Publication date:
26/01/2023
Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example "../../../etc/passwd"
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2022-25908
Publication date:
26/01/2023
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2022-25894
Publication date:
26/01/2023
All versions of the package com.bstek.uflo:uflo-core are vulnerable to Remote Code Execution (RCE) in the ExpressionContextImpl class via jexl.createExpression(expression).evaluate(context); functionality, due to improper user input validation.
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2022-25847
Publication date:
26/01/2023
All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2022-22462
Publication date:
26/01/2023
<br /> IBM Security Verify Governance, Identity Manager virtual appliance component 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225078.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities