Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters, you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-45343

Publication date: 29/11/2022
GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.
Severity CVSS v4.0: Pending analysis
Last modification: 02/05/2025

CVE-2022-44635

Publication date: 29/11/2022
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.
Severity CVSS v4.0: Pending analysis
Last modification: 25/04/2025

CVE-2022-46146

Publication date: 29/11/2022
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.
Severity CVSS v4.0: Pending analysis
Last modification: 12/01/2024

CVE-2022-36433

Publication date: 29/11/2022
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.
Severity CVSS v4.0: Pending analysis
Last modification: 25/04/2025

CVE-2022-4202

Publication date: 29/11/2022
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is b3d821c4ae9ba62b3a194d9dcb5e99f17bd56908. It is recommended to apply a patch to fix this issue. VDB-214518 is the identifier assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2022-43326

Publication date: 29/11/2022
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords.
Severity CVSS v4.0: Pending analysis
Last modification: 25/04/2025

CVE-2022-45329

Publication date: 29/11/2022
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.
Severity CVSS v4.0: Pending analysis
Last modification: 25/04/2025

CVE-2022-41568

Publication date: 29/11/2022
LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.
Severity CVSS v4.0: Pending analysis
Last modification: 25/04/2025

CVE-2022-40799

Publication date: 29/11/2022
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L
Severity CVSS v4.0: Pending analysis
Last modification: 03/11/2025

CVE-2022-45202

Publication date: 29/11/2022
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.
Severity CVSS v4.0: Pending analysis
Last modification: 25/04/2025

CVE-2022-44038

Publication date: 29/11/2022
Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component.
Severity CVSS v4.0: Pending analysis
Last modification: 25/04/2025

CVE-2022-45204

Publication date: 29/11/2022
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.
Severity CVSS v4.0: Pending analysis
Last modification: 25/04/2025