Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-44087
Publication date:
17/03/2022
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2022

CVE-2021-43961
Publication date:
17/03/2022
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2022-24302
Publication date:
17/03/2022
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2025

CVE-2022-24770
Publication date:
17/03/2022
`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer's computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these commands, which could lead to arbitrary commands running on the user's computer. The problem has been patched as of `2.8.11`, which escapes the saved csv with single quotes. As a workaround, avoid opening csv files generated by `gradio` with Excel or similar spreadsheet programs.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2022

CVE-2021-46107
Publication date:
17/03/2022
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2022

CVE-2022-26504
Publication date:
17/03/2022
Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe
Severity CVSS v4.0: Pending analysis
Last modification:
09/05/2024

CVE-2022-21822
Publication date:
17/03/2022
NVIDIA FLARE contains a vulnerability in the admin interface, where an un-authorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to cause system unavailable.
Severity CVSS v4.0: Pending analysis
Last modification:
15/06/2022

CVE-2022-26501
Publication date:
17/03/2022
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2022-26500
Publication date:
17/03/2022
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2021-45040
Publication date:
17/03/2022
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2022

CVE-2021-44907
Publication date:
17/03/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-25949
Publication date:
17/03/2022
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2022
Subscribe to Vulnerabilities