Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-32139
Publication date:
24/06/2022
In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required.
Severity CVSS v4.0: Pending analysis
Last modification:
01/07/2022

CVE-2022-32140
Publication date:
24/06/2022
Multiple CODESYS products are affected to a buffer overflow.A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required.
Severity CVSS v4.0: Pending analysis
Last modification:
01/07/2022

CVE-2022-1965
Publication date:
24/06/2022
Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required.
Severity CVSS v4.0: Pending analysis
Last modification:
26/10/2022

CVE-2022-31805
Publication date:
24/06/2022
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2017-20096
Publication date:
24/06/2022
A vulnerability classified as problematic has been found in WP-SpamFree Anti-Spam Plugin 2.1.1.4. This affects an unknown part. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2022

CVE-2017-20095
Publication date:
24/06/2022
A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2022

CVE-2017-20097
Publication date:
24/06/2022
A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2022

CVE-2017-20094
Publication date:
24/06/2022
A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this issue. It is recommended to upgrade the affected component.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2022

CVE-2017-20093
Publication date:
24/06/2022
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
Severity CVSS v4.0: Pending analysis
Last modification:
21/03/2025

CVE-2017-20092
Publication date:
24/06/2022
A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2022

CVE-2022-32405
Publication date:
24/06/2022
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4
Severity CVSS v4.0: Pending analysis
Last modification:
29/06/2022

CVE-2022-32404
Publication date:
24/06/2022
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_inmate.php:3
Severity CVSS v4.0: Pending analysis
Last modification:
29/06/2022
Subscribe to Vulnerabilities