Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-2783

Publication date: 06/10/2022
In affected versions of Octopus Server it was identified that a session cookie could be used as the CSRF token.
Severity CVSS v4.0: Pending analysis
Last modification: 08/08/2023

CVE-2022-2637

Publication date: 06/10/2022
Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0.
Severity CVSS v4.0: Pending analysis
Last modification: 25/02/2026

CVE-2022-26240

Publication date: 06/10/2022
The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
Severity CVSS v4.0: Pending analysis
Last modification: 11/10/2022

CVE-2022-26239

Publication date: 06/10/2022
The default privileges for the running service Normand License Manager in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow unprivileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
Severity CVSS v4.0: Pending analysis
Last modification: 10/10/2022

CVE-2022-26235

Publication date: 06/10/2022
A vulnerability was discovered in the Remisol Advance v2.0.12.1 and below for the Normand Message Server. On installation, the permissions set by Remisol Advance allow non-privileged users to overwrite and/or manipulate executables and libraries that run as the elevated SYSTEM user on Windows.
Severity CVSS v4.0: Pending analysis
Last modification: 11/10/2022

CVE-2022-26237

Publication date: 06/10/2022
The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allow non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
Severity CVSS v4.0: Pending analysis
Last modification: 10/10/2022

CVE-2022-22503

Publication date: 06/10/2022
IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125.
Severity CVSS v4.0: Pending analysis
Last modification: 08/11/2022

CVE-2021-40556

Publication date: 06/10/2022
A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by "caupload" input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication.
Severity CVSS v4.0: Pending analysis
Last modification: 07/10/2022

CVE-2022-42247

Publication date: 03/10/2022
pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.
Severity CVSS v4.0: Pending analysis
Last modification: 05/10/2022

CVE-2022-41443

Publication date: 03/10/2022
phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.
Severity CVSS v4.0: Pending analysis
Last modification: 05/10/2022

CVE-2022-33882

Publication date: 03/10/2022
Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification: 05/10/2022

CVE-2022-42306

Publication date: 03/10/2022
An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.
Severity CVSS v4.0: Pending analysis
Last modification: 04/10/2022