Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-41262

Publication date:
12/12/2022
Due to insufficient input validation, SAP NetWeaver AS Java (HTTP Provider Service) - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impact on the confidentiality and integrity of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-0925

Publication date:
12/12/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-41263

Publication date:
12/12/2022
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform (Web Intelligence) - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the attacker can modify information causing a limited impact on the integrity of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
11/07/2023

CVE-2022-41261

Publication date:
12/12/2022
SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2023

CVE-2022-46904

Publication date:
12/12/2022
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2022-46903

Publication date:
12/12/2022
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2022-46905

Publication date:
12/12/2022
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an unauthenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2022-46906

Publication date:
12/12/2022
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2022-45275

Publication date:
12/12/2022
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2022-42716

Publication date:
12/12/2022
An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2024

CVE-2022-4016

Publication date:
12/12/2022
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2022-4097

Publication date:
12/12/2022
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more).
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023