Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-37905
Publication date:
12/12/2022
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2021-46846
Publication date:
12/12/2022
Cross Site Scripting vulnerability in Hewlett Packard Enterprise Integrated Lights-Out 5.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2021-3821
Publication date:
12/12/2022
A potential security vulnerability has been identified for certain HP multifunction printers (MFPs). The vulnerability may lead to Denial of Service when running HP Workpath solutions on potentially affected products.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2021-3437
Publication date:
12/12/2022
Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2021-3919
Publication date:
12/12/2022
A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2021-3661
Publication date:
12/12/2022
A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-1038
Publication date:
12/12/2022
A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2021-3942
Publication date:
12/12/2022
Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2025

CVE-2022-3485
Publication date:
12/12/2022
In IFM Moneo Appliance with version up to 1.9.3 an unauthenticated remote attacker can reset the administrator password by only supplying the serial number and thus gain full control of the device.<br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-46685
Publication date:
12/12/2022
In Jenkins Gitea Plugin 1.4.4 and earlier, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2022-46687
Publication date:
12/12/2022
Jenkins Spring Config Plugin 2.0.0 and earlier does not escape build display names shown on the Spring Config view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to change build display names.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2022-46686
Publication date:
12/12/2022
Jenkins Custom Build Properties Plugin 2.79.vc095ccc85094 and earlier does not escape property values and build display names on the Custom Build Properties and Build Summary pages, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set or change these values.
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025
Subscribe to Vulnerabilities