Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list shows vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-35290

Publication date:
10/08/2022
Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2026

CVE-2022-32429

Publication date:
10/08/2022
An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
08/12/2022

CVE-2022-32245

Publication date:
10/08/2022
SAP BusinessObjects Business Intelligence Platform (Open Document), versions 420 and 430, allows an unauthenticated attacker to retrieve sensitive information in plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the application by an automated attack. This completely compromises confidentiality but has a limited impact on the availability of the application.
Severity CVSS v4.0: Pending analysis
Last modification:
26/10/2022

CVE-2022-32189

Publication date:
10/08/2022
A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
03/03/2023

CVE-2022-32148

Publication date:
10/08/2022
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2026

CVE-2022-31675

Publication date:
10/08/2022
VMware vRealize Operations contains an authentication bypass vulnerability. An unauthenticated malicious actor with network access may be able to create a user with administrative privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-31672

Publication date:
10/08/2022
VMware vRealize Operations contains a privilege escalation vulnerability. A malicious actor with administrative network access can escalate privileges to root.
Severity CVSS v4.0: Pending analysis
Last modification:
27/08/2025

CVE-2022-31673

Publication date:
10/08/2022
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can create and leak hex dumps, leading to information disclosure. Successful exploitation can lead to remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-31674

Publication date:
10/08/2022
VMware vRealize Operations contains an information disclosure vulnerability. A low-privileged malicious actor with network access can access log files that lead to information disclosure.
Severity CVSS v4.0: Pending analysis
Last modification:
27/08/2025

CVE-2022-30633

Publication date:
10/08/2022
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2026

CVE-2022-30635

Publication date:
10/08/2022
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
Severity CVSS v4.0: Pending analysis
Last modification:
06/03/2026

CVE-2022-30631

Publication date:
10/08/2022
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.
Severity CVSS v4.0: Pending analysis
Last modification:
20/10/2025