Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-47635

Publication date: 21/12/2022
Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php.
Severity CVSS v4.0: Pending analysis
Last modification: 16/04/2025

CVE-2022-25895

Publication date: 21/12/2022
All versions of package lite-dev-server are vulnerable to Directory Traversal due to the lack of input sanitization and sandboxing applied to the req.url user input that is passed to the server code.
Severity CVSS v4.0: Pending analysis
Last modification: 16/04/2025

CVE-2022-25893

Publication date: 21/12/2022
The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise.
Severity CVSS v4.0: Pending analysis
Last modification: 15/04/2025

CVE-2022-25929

Publication date: 21/12/2022
The package smoothie from 1.31.0 and before 1.36.1 is vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties.
Severity CVSS v4.0: Pending analysis
Last modification: 16/04/2025

CVE-2022-24431

Publication date: 21/12/2022
All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization.
Severity CVSS v4.0: Pending analysis
Last modification: 15/04/2025

CVE-2022-38546

Publication date: 21/12/2022
A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode.
Severity CVSS v4.0: Pending analysis
Last modification: 29/12/2022

CVE-2022-4617

Publication date: 21/12/2022
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.
Severity CVSS v4.0: Pending analysis
Last modification: 24/12/2022

CVE-2022-42949

Publication date: 21/12/2022
Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions.
Severity CVSS v4.0: Pending analysis
Last modification: 17/04/2025

CVE-2022-42046

Publication date: 20/12/2022
In wfshbr64.sys and wfshbr32.sys, a specially crafted IOCTL allows an arbitrary user to perform local privilege escalation.
Severity CVSS v4.0: Pending analysis
Last modification: 17/04/2025

CVE-2022-47629

Publication date: 20/12/2022
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
Severity CVSS v4.0: Pending analysis
Last modification: 16/04/2025

CVE-2022-46328

Publication date: 20/12/2022
Some smartphones have an input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification: 17/04/2025

CVE-2022-46310

Publication date: 20/12/2022
The TelephonyProvider module has a vulnerability in obtaining values. Successful exploitation of this vulnerability may affect data confidentiality.
Severity CVSS v4.0: Pending analysis
Last modification: 17/04/2025