Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-32207
Publication date:
07/07/2022
When curl
Severity CVSS v4.0: Pending analysis
Last modification:
23/04/2025

CVE-2015-1784
Publication date:
07/07/2022
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.
Severity CVSS v4.0: Pending analysis
Last modification:
14/07/2022

CVE-2015-1785
Publication date:
07/07/2022
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.
Severity CVSS v4.0: Pending analysis
Last modification:
14/07/2022

CVE-2022-25047
Publication date:
07/07/2022
The password reset token in CWP v0.9.8.1126 is generated using known or predictable values.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2023

CVE-2022-25046
Publication date:
07/07/2022
A path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2023

CVE-2022-25048
Publication date:
07/07/2022
Command injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.
Severity CVSS v4.0: Pending analysis
Last modification:
14/07/2022

CVE-2022-33996
Publication date:
07/07/2022
Incorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.
Severity CVSS v4.0: Pending analysis
Last modification:
14/07/2022

CVE-2022-34007
Publication date:
07/07/2022
EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower entry.
Severity CVSS v4.0: Pending analysis
Last modification:
26/10/2022

CVE-2022-32567
Publication date:
07/07/2022
The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function.
Severity CVSS v4.0: Pending analysis
Last modification:
14/07/2022

CVE-2022-2342
Publication date:
07/07/2022
Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4.
Severity CVSS v4.0: Pending analysis
Last modification:
14/07/2022

CVE-2022-2339
Publication date:
07/07/2022
With this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2025

CVE-2022-20752
Publication date:
06/07/2022
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023
Subscribe to Vulnerabilities