Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-42099
Publication date:
29/11/2022
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2025

CVE-2022-32967
Publication date:
29/11/2022
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2022

CVE-2022-32966
Publication date:
29/11/2022
RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2022

CVE-2022-41676
Publication date:
29/11/2022
Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail recipient.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2022

CVE-2022-41675
Publication date:
29/11/2022
A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side.
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2022

CVE-2022-45306
Publication date:
29/11/2022
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2025

CVE-2022-45305
Publication date:
29/11/2022
Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2025

CVE-2022-45307
Publication date:
29/11/2022
Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2025

CVE-2022-45304
Publication date:
29/11/2022
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2025

CVE-2022-45301
Publication date:
29/11/2022
Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2025

CVE-2022-4129
Publication date:
28/11/2022
A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-45224
Publication date:
28/11/2022
Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in Admin/add-admin.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtfullname parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
28/04/2025
Subscribe to Vulnerabilities