Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-2714

Publication date:

06/09/2022

Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.

Severity CVSS v4.0: Pending analysis

Last modification:

13/09/2022

CVE-2022-2901

Publication date:

06/09/2022

Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8.

Severity CVSS v4.0: Pending analysis

Last modification:

13/09/2022

CVE-2022-34882

Publication date:

06/09/2022

Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

Severity CVSS v4.0: Pending analysis

Last modification:

25/02/2026

CVE-2022-34883

Publication date:

06/09/2022

OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.

Severity CVSS v4.0: Pending analysis

Last modification:

25/02/2026

CVE-2022-34747

Publication date:

06/09/2022

A format string vulnerability in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0 could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet.

Severity CVSS v4.0: Pending analysis

Last modification:

08/09/2022

CVE-2022-38367

Publication date:

05/09/2022

The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint.

Severity CVSS v4.0: Pending analysis

Last modification:

08/09/2022

CVE-2021-28398

Publication date:

05/09/2022

A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0.

Severity CVSS v4.0: Pending analysis

Last modification:

01/10/2022

CVE-2022-30331

Publication date:

05/09/2022

The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor&#39;s position is "GSQL was behaving as expected."

Severity CVSS v4.0: Pending analysis

Last modification:

03/08/2024

CVE-2022-39838

Publication date:

05/09/2022

Systematic FIX Adapter (ALFAFX) 2.4.0.25 13/09/2017 allows remote file inclusion via a UNC share pathname, and also allows absolute path traversal to local pathnames.

Severity CVSS v4.0: Pending analysis

Last modification:

09/09/2022

CVE-2022-31814

Publication date:

05/09/2022

pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected.

Severity CVSS v4.0: Pending analysis

Last modification:

03/07/2024

CVE-2022-3122

Publication date:

05/09/2022

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file medicine_details.php. The manipulation of the argument medicine leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207854 is the identifier assigned to this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

07/09/2024

CVE-2022-3121

Publication date:

05/09/2022

A vulnerability was found in SourceCodester Online Employee Leave Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/addemployee.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The identifier VDB-207853 was assigned to this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

08/09/2022

Subscribe to Vulnerabilities