Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-46149
Publication date:
30/11/2022
Cap'n Proto is a data interchange format and remote procedure call (RPC) system. Cap'n Proro prior to versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3, as well as versions of Cap'n Proto's Rust implementation prior to 0.13.7, 0.14.11, and 0.15.2 are vulnerable to out-of-bounds read due to logic error handling list-of-list. This issue may lead someone to remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. Exfiltration of memory is possible if the victim performs additional certain actions on a list-of-pointer type. To be vulnerable, an application must perform a specific sequence of actions, described in the GitHub Security Advisory. The bug is present in inlined code, therefore the fix will require rebuilding dependent applications. Cap'n Proto has C++ fixes available in versions 0.7.1, 0.8.1, 0.9.2, and 0.10.3. The `capnp` Rust crate has fixes available in versions 0.13.7, 0.14.11, and 0.15.2.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-4234
Publication date:
30/11/2022
A vulnerability was found in SourceCodester Canteen Management System. It has been rated as problematic. This issue affects the function builtin_echo of the file youthappam/brand.php. The manipulation of the argument brand_name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214595.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-44151
Publication date:
30/11/2022
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.
Severity CVSS v4.0: Pending analysis
Last modification:
06/02/2026

CVE-2022-44136
Publication date:
30/11/2022
Zenario CMS 9.3.57186 is vulnerable to Remote Code Excution (RCE).
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2025

CVE-2021-31740
Publication date:
30/11/2022
SEPPMail's web frontend, user input is not embedded correctly in the web page and therefore leads to cross-site scripting vulnerabilities (XSS).
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2025

CVE-2022-1606
Publication date:
30/11/2022
Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects.
Severity CVSS v4.0: Pending analysis
Last modification:
28/08/2024

CVE-2022-1911
Publication date:
30/11/2022
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system.
Severity CVSS v4.0: Pending analysis
Last modification:
28/08/2024

CVE-2022-38801
Publication date:
30/11/2022
In Zkteco BioTime
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2025

CVE-2022-38802
Publication date:
30/11/2022
Zkteco BioTime
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2025

CVE-2022-38803
Publication date:
30/11/2022
Zkteco BioTime
Severity CVSS v4.0: Pending analysis
Last modification:
24/04/2025

CVE-2021-4242
Publication date:
30/11/2022
A vulnerability was found in Sapido BR270n, BRC76n, GR297 and RB1732 and classified as critical. Affected by this issue is some unknown functionality of the file ip/syscmd.htm. The manipulation leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214592.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-45842
Publication date:
30/11/2022
Unauth. Race Condition vulnerability in WP ULike Plugin
Severity CVSS v4.0: Pending analysis
Last modification:
14/03/2025
Subscribe to Vulnerabilities