Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-43749

Publication date: 26/10/2022
Improper privilege management vulnerability in summary report management in Synology Presto File Server before 2.1.2-1601 allows remote authenticated users to bypass security constraint via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification: 28/10/2022

CVE-2022-43748

Publication date: 26/10/2022
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in file operation management in Synology Presto File Server before 2.1.2-1601 allows remote attackers to write arbitrary files via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification: 28/10/2022

CVE-2022-2422

Publication date: 26/10/2022
Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used.
Severity CVSS v4.0: Pending analysis
Last modification: 02/01/2024

CVE-2022-29823

Publication date: 26/10/2022
The feathers-sequelize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in Remote Code Execution (RCE) with the privileges of the application.
Severity CVSS v4.0: Pending analysis
Last modification: 02/01/2024

CVE-2022-2421

Publication date: 26/10/2022
Due to improper type validation in attachment parsing in the Socket.io js library, it is possible to overwrite the _placeholder object, which allows an attacker to place references to functions at arbitrary places in the resulting query object.
Severity CVSS v4.0: Pending analysis
Last modification: 06/02/2026

CVE-2022-29822

Publication date: 26/10/2022
Improper parameter filtering in the Feathers js library may ultimately lead to SQL injection.
Severity CVSS v4.0: Pending analysis
Last modification: 02/01/2024

CVE-2022-31256

Publication date: 26/10/2022
An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.
Severity CVSS v4.0: Pending analysis
Last modification: 28/10/2022

CVE-2022-25849

Publication date: 26/10/2022
The package joyqi/hyper-down from 0.0.0 is vulnerable to Cross-site Scripting (XSS) because the markdown parsing module does not filter the href attribute very well.
Severity CVSS v4.0: Pending analysis
Last modification: 09/05/2025

CVE-2022-43750

Publication date: 26/10/2022
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
Severity CVSS v4.0: Pending analysis
Last modification: 07/05/2025

CVE-2022-43747

Publication date: 26/10/2022
baramundi Management Agent (bMA) in baramundi Management Suite (bMS) 2021 R1 and R2 and 2022 R1 allows remote code execution. This is fixed in security update S-2022-01, which contains fixed bMA setup files for these versions. This is also fixed in baramundi Management Suite 2022 R2.
Severity CVSS v4.0: Pending analysis
Last modification: 14/05/2024

CVE-2022-41711

Publication date: 25/10/2022
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
Severity CVSS v4.0: Pending analysis
Last modification: 07/05/2025

CVE-2022-33182

Publication date: 25/10/2022
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload”, “license”, and “fosexec”.
Severity CVSS v4.0: Pending analysis
Last modification: 07/05/2025