Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-32205

Publication date:

07/07/2022

A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl

Severity CVSS v4.0: Pending analysis

Last modification:

05/05/2025

CVE-2015-3207

Publication date:

07/07/2022

In Openshift Origin 3 the cookies being set in console have no &#39;secure&#39;, &#39;HttpOnly&#39; attributes.

Severity CVSS v4.0: Pending analysis

Last modification:

14/07/2022

CVE-2022-32206

Publication date:

07/07/2022

curl

Severity CVSS v4.0: Pending analysis

Last modification:

05/05/2025

CVE-2022-31854

Publication date:

07/07/2022

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.

Severity CVSS v4.0: Pending analysis

Last modification:

28/10/2022

CVE-2022-32207

Publication date:

07/07/2022

When curl

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2025

CVE-2015-1784

Publication date:

07/07/2022

In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.

Severity CVSS v4.0: Pending analysis

Last modification:

14/07/2022

CVE-2015-1785

Publication date:

07/07/2022

Severity CVSS v4.0: Pending analysis

Last modification:

14/07/2022

CVE-2022-25047

Publication date:

07/07/2022

The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.

Severity CVSS v4.0: Pending analysis

Last modification:

24/01/2023

CVE-2022-25046

Publication date:

07/07/2022

A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.

Severity CVSS v4.0: Pending analysis

Last modification:

24/01/2023

CVE-2022-25048

Publication date:

07/07/2022

Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.

Severity CVSS v4.0: Pending analysis

Last modification:

14/07/2022

CVE-2022-33996

Publication date:

07/07/2022

Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.

Severity CVSS v4.0: Pending analysis

Last modification:

14/07/2022