Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-40293

Publication date:
31/10/2022
The application was vulnerable to a session fixation that could be used to hijack accounts.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025

CVE-2022-43752

Publication date:
31/10/2022
Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the crafted printer's icon.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025

CVE-2022-39020

Publication date:
31/10/2022
Multiple instances of XSS (stored and reflected) were found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2022-39018

Publication date:
31/10/2022
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allow unauthenticated attackers to access restricted PDF files via a known URL.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2022-39017

Publication date:
31/10/2022
Improper input validation and output encoding in all comments fields in M-Files Hubshare before 3.3.10.9 allow authenticated attackers to introduce cross-site scripting attacks via specially crafted comments.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2023

CVE-2022-40190

Publication date:
31/10/2022
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting (XSS). The web application does not adequately sanitize request strings of malicious JavaScript. An attacker utilizing XSS could then execute malicious code in users’ browsers and steal sensitive information, including user credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2022

CVE-2022-40287

Publication date:
31/10/2022
The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS) vulnerability in messaging functionality, leading to privilege escalation or a compromise of a targeted account.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025

CVE-2022-40288

Publication date:
31/10/2022
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user profile data fields, which could be leveraged to escalate privileges within and compromise any account that views their user profile.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025

CVE-2022-40291

Publication date:
31/10/2022
The application was vulnerable to Cross-Site Request Forgery (CSRF) attacks, allowing an attacker to coerce users into sending malicious requests to the site to delete their account, or in rare circumstances, hijack their account and create other admin accounts.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025

CVE-2022-40290

Publication date:
31/10/2022
The application was vulnerable to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in the barcode generation functionality, allowing attackers to generate an unsafe link that could compromise users.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025

CVE-2022-3783

Publication date:
31/10/2022
A vulnerability, which was classified as problematic, has been found in node-red-dashboard. This issue affects some unknown processing of the file components/ui-component/ui-component-ctrl.js of the component ui_text Format Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 9305d1a82f19b235dfad24a7d1dd4ed244db7743. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-212555.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-40289

Publication date:
31/10/2022
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the upload and download functionality, which could be leveraged to escalate privileges or compromise any accounts they can coerce into observing the targeted files.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025