Vulnerabilities

To inform, warn and help professionals keep up with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-32929

Publication date: 22/04/2022
All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user.
Severity CVSS v4.0: Pending analysis
Last modification: 03/05/2022

CVE-2021-36203

Publication date: 22/04/2022
The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request.
Severity CVSS v4.0: Pending analysis
Last modification: 03/05/2022

CVE-2022-28074

Publication date: 22/04/2022
Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via \admin\index.html#/system/tools.
Severity CVSS v4.0: Pending analysis
Last modification: 03/05/2022

CVE-2022-27406

Publication date: 22/04/2022
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size.
Severity CVSS v4.0: Pending analysis
Last modification: 29/02/2024

CVE-2022-27404

Publication date: 22/04/2022
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
Severity CVSS v4.0: Pending analysis
Last modification: 29/02/2024

CVE-2022-27405

Publication date: 22/04/2022
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
Severity CVSS v4.0: Pending analysis
Last modification: 29/02/2024

CVE-2022-1429

Publication date: 22/04/2022
SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing the data.
Severity CVSS v4.0: Pending analysis
Last modification: 29/04/2022

CVE-2022-26672

Publication date: 22/04/2022
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modify or delete this user account information.
Severity CVSS v4.0: Pending analysis
Last modification: 04/05/2022

CVE-2022-26674

Publication date: 22/04/2022
ASUS RT-AX88U has a Format String vulnerability, which allows an unauthenticated remote attacker to write to an arbitrary memory address and perform remote arbitrary code execution, perform arbitrary system operations or disrupt service.
Severity CVSS v4.0: Pending analysis
Last modification: 04/05/2022

CVE-2022-26673

Publication date: 22/04/2022
ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks.
Severity CVSS v4.0: Pending analysis
Last modification: 04/05/2022

CVE-2022-28367

Publication date: 21/04/2022
OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.
Severity CVSS v4.0: Pending analysis
Last modification: 03/05/2022

CVE-2022-29577

Publication date: 21/04/2022
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.
Severity CVSS v4.0: Pending analysis
Last modification: 23/02/2023