Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-1036
Publication date:
22/03/2022
Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2022

CVE-2022-0667
Publication date:
22/03/2022
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2023

CVE-2021-45810
Publication date:
22/03/2022
GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2024

CVE-2021-45809
Publication date:
22/03/2022
GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=` parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2022

CVE-2022-1034
Publication date:
22/03/2022
There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2022

CVE-2022-0386
Publication date:
22/03/2022
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2022

CVE-2022-0652
Publication date:
22/03/2022
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-26285
Publication date:
21/03/2022
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2022-26284
Publication date:
21/03/2022
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2022-26283
Publication date:
21/03/2022
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
Severity CVSS v4.0: Pending analysis
Last modification:
24/02/2025

CVE-2022-27607
Publication date:
21/03/2022
Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a different issue than CVE-2018-14531.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2022-27090
Publication date:
21/03/2022
Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022
Subscribe to Vulnerabilities