Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-22750
Publication date:
22/12/2022
By generally accepting and passing resource handles across processes, a compromised content process might have confused higher privileged processes to interact with handles that the unprivileged process should not have access to.*This bug only affects Firefox for Windows and MacOS. Other operating systems are unaffected.*. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2022-22749
Publication date:
22/12/2022
When scanning QR codes, Firefox for Android would have allowed navigation to some URLs that do not point to web content.*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2022-22748
Publication date:
22/12/2022
Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program and handling an external URL protocol. This vulnerability affects Firefox ESR
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2022-22747
Publication date:
22/12/2022
After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2022-22746
Publication date:
22/12/2022
A race condition could have allowed bypassing the fullscreen notification which could have lead to a fullscreen window spoof being unnoticed.*This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2022-22745
Publication date:
22/12/2022
Securitypolicyviolation events could have leaked cross-origin information for frame-ancestors violations. This vulnerability affects Firefox ESR
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2022-22743
Publication date:
22/12/2022
When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2022-22744
Publication date:
22/12/2022
The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have lead to command injection if pasted into a Powershell prompt.*This bug only affects Thunderbird for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2022-22740
Publication date:
22/12/2022
Certain network request objects were freed too early when releasing a network request handle. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2022-22739
Publication date:
22/12/2022
Malicious websites could have tricked users into accepting launching a program to handle an external URL protocol. This vulnerability affects Firefox ESR
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2022-22738
Publication date:
22/12/2022
Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2022-22461
Publication date:
22/12/2022
<br /> IBM Security Verify Governance, Identity Manager 10.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225007.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities