Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-3757
Publication date:
29/10/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-3754
Publication date:
29/10/2022
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
Severity CVSS v4.0: Pending analysis
Last modification:
31/10/2022

CVE-2022-42916
Publication date:
29/10/2022
In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-2826
Publication date:
28/10/2022
An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. TODO
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2025

CVE-2022-43283
Publication date:
28/10/2022
wasm2c v1.0.29 was discovered to contain an abort in CWriter::Write.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2025

CVE-2022-43285
Publication date:
28/10/2022
Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2025

CVE-2022-43284
Publication date:
28/10/2022
Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2024

CVE-2022-43286
Publication date:
28/10/2022
Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2025

CVE-2022-43280
Publication date:
28/10/2022
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2025

CVE-2022-43281
Publication date:
28/10/2022
wasm-interp v1.0.29 was discovered to contain a heap overflow via the component std::vector::size() at /bits/stl_vector.h.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2025

CVE-2022-43282
Publication date:
28/10/2022
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallIndirectExpr->GetReturnCallDropKeepCount.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2025

CVE-2022-37621
Publication date:
28/10/2022
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js.
Severity CVSS v4.0: Pending analysis
Last modification:
07/05/2025
Subscribe to Vulnerabilities