Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-38871

Publication date:
18/11/2022
In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025

CVE-2022-40130

Publication date:
18/11/2022
Auth. (subscriber+) Race Condition vulnerability in WP-Polls plugin
Severity CVSS v4.0: Pending analysis
Last modification:
20/02/2025

CVE-2022-40216

Publication date:
18/11/2022
Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin
Severity CVSS v4.0: Pending analysis
Last modification:
20/02/2025

CVE-2021-37936

Publication date:
18/11/2022
It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-31694

Publication date:
18/11/2022
InstallBuilder Qt installers built with versions previous to 22.10 try to load DLLs from the installer binary parent directory when displaying popups. This may allow an attacker to plant a malicious DLL in the installer parent directory to allow executing code with the privileges of the installer (when the popup triggers the loading of the library). Exploiting this type of vulnerability generally requires that an attacker has access to a vulnerable machine to plant the malicious DLL.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-34827

Publication date:
18/11/2022
Carel Boss Mini 1.5.0 has Improper Access Control.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2021-31739

Publication date:
18/11/2022
The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2021-33621

Publication date:
18/11/2022
The cgi gem before 0.1.0.2, 0.2.x before 0.2.2, and 0.3.x before 0.3.5 for Ruby allows HTTP response splitting. This is relevant to applications that use untrusted user input either to generate an HTTP response or to create a CGI::Cookie object.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2021-22141

Publication date:
18/11/2022
An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16. If a logged in user visits a maliciously crafted URL, it could result in Kibana redirecting the user to an arbitrary website.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-41911

Publication date:
18/11/2022
TensorFlow is an open source platform for machine learning. When printing a tensor, we get its data as a `const char*` array (since that's the underlying storage) and then we typecast it to the element type. However, conversions from `char` to `bool` are undefined if the `char` is not `0` or `1`, so sanitizers/fuzzers will crash. The issue has been patched in GitHub commit `1be74370327`. The fix will be included in TensorFlow 2.11.0. We will also cherrypick this commit on TensorFlow 2.10.1, TensorFlow 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
Severity CVSS v4.0: Pending analysis
Last modification:
23/11/2022

CVE-2022-41909

Publication date:
18/11/2022
TensorFlow is an open source platform for machine learning. An input `encoded` that is not a valid `CompositeTensorVariant` tensor will trigger a segfault in `tf.raw_ops.CompositeTensorVariantToComponents`. We have patched the issue in GitHub commits bf594d08d377dc6a3354d9fdb494b32d45f91971 and 660ce5a89eb6766834bdc303d2ab3902aef99d3d. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2023

CVE-2022-41907

Publication date:
18/11/2022
TensorFlow is an open source platform for machine learning. When `tf.raw_ops.ResizeNearestNeighborGrad` is given a large `size` input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range.
Severity CVSS v4.0: Pending analysis
Last modification:
23/11/2022