Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-25171

Publication date:
20/12/2022
The package p4 before 0.0.7 is vulnerable to Command Injection via the run() function due to improper input sanitization.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2022-47578

Publication date:
20/12/2022
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by booting into Safe Mode. This allows a file to be exchanged outside the laptop/system. Safe Mode can be launched by any user (even without admin rights). Data exfiltration can occur, and also malware might be introduced onto the system. NOTE: the vendor's position is "it's not a vulnerability in our product."
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2024

CVE-2022-47577

Publication date:
20/12/2022
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by making use of a virtual machine (VM). This allows a file to be exchanged outside the laptop/system. VMs can be created by any user (even without admin rights). The data exfiltration can occur without any record in the audit trail of Windows events on the host machine. NOTE: the vendor's position is "it's not a vulnerability in our product."
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2024

CVE-2022-47551

Publication date:
20/12/2022
Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/04/2025

CVE-2022-46403

Publication date:
19/12/2022
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) mishandles reject messages.
Severity CVSS v4.0: Pending analysis
Last modification:
17/04/2025

CVE-2022-46402

Publication date:
19/12/2022
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PairCon_rmSend with incorrect values.
Severity CVSS v4.0: Pending analysis
Last modification:
17/04/2025

CVE-2022-46401

Publication date:
19/12/2022
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.
Severity CVSS v4.0: Pending analysis
Last modification:
17/04/2025

CVE-2022-3752

Publication date:
19/12/2022
An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-44109

Publication date:
19/12/2022
pdftojson commit 94204bb was discovered to contain a stack overflow via the component Stream::makeFilter(char*, Stream*, Object*, int).
Severity CVSS v4.0: Pending analysis
Last modification:
17/04/2025

CVE-2022-44108

Publication date:
19/12/2022
pdftojson commit 94204bb was discovered to contain a stack overflow via the component Object::copy(Object*):Object.cc.
Severity CVSS v4.0: Pending analysis
Last modification:
17/04/2025

CVE-2022-46399

Publication date:
19/12/2022
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) is unresponsive with ConReqTimeoutZero.
Severity CVSS v4.0: Pending analysis
Last modification:
17/04/2025

CVE-2022-46400

Publication date:
19/12/2022
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) allows attackers to bypass passkey entry in legacy pairing.
Severity CVSS v4.0: Pending analysis
Last modification:
17/04/2025