Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-46906
Publication date:
12/12/2022
Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Reflected XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2022-45275
Publication date:
12/12/2022
An arbitrary file upload vulnerability in /queuing/admin/ajax.php?action=save_settings of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2022-42716
Publication date:
12/12/2022
An issue was discovered in the Arm Mali GPU Kernel Driver. There is a use-after-free. A non-privileged user can make improper GPU processing operations to gain access to already freed memory. This affects Valhall r29p0 through r40P0.
Severity CVSS v4.0: Pending analysis
Last modification:
15/10/2024

CVE-2022-4016
Publication date:
12/12/2022
The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2022-4097
Publication date:
12/12/2022
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more).
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-4314
Publication date:
12/12/2022
Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2.
Severity CVSS v4.0: Pending analysis
Last modification:
15/12/2022

CVE-2022-4005
Publication date:
12/12/2022
The Donation Button WordPress plugin through 4.0.0 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2022-4311
Publication date:
12/12/2022
<br /> An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This<br /> could allow a user with access to the log files to discover connection strings of data sources configured for the<br /> DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users<br /> unauthorized access to the underlying data sources.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-4010
Publication date:
12/12/2022
The Image Hover Effects WordPress plugin before 5.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2022-4312
Publication date:
12/12/2022
<br /> A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could<br /> allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files<br /> to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code.<br /> Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email<br /> account and SIM card.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-3930
Publication date:
12/12/2022
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an attacker can exploit to change the password of arbitrary users instead of his own.
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025

CVE-2022-3925
Publication date:
12/12/2022
The buddybadges WordPress plugin through 1.0.0 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users
Severity CVSS v4.0: Pending analysis
Last modification:
22/04/2025
Subscribe to Vulnerabilities