Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-22999
Publication date:
25/07/2022
Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can allow a malicious user with elevated privileges access to drives being backed up to construct and inject JavaScript payloads into an authenticated user's browser. As a result, it may be possible to gain control over the authenticated session, steal data, modify settings, or redirect the user to malicious websites. The scope of impact can extend to other components.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2022

CVE-2022-35288
Publication date:
25/07/2022
IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-35287
Publication date:
25/07/2022
IBM Security Verify Information Queue 10.0.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 230817.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2022

CVE-2022-35285
Publication date:
25/07/2022
IBM Security Verify Information Queue 10.0.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 230812.
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2022

CVE-2022-35284
Publication date:
25/07/2022
IBM Security Verify Information Queue 10.0.2 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 230811.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2022

CVE-2022-34962
Publication date:
25/07/2022
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Group Timeline module.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2022

CVE-2022-33969
Publication date:
25/07/2022
Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin
Severity CVSS v4.0: Pending analysis
Last modification:
29/06/2023

CVE-2022-2059
Publication date:
25/07/2022
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2022

CVE-2022-2032
Publication date:
25/07/2022
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2022

CVE-2022-24992
Publication date:
25/07/2022
A vulnerability in the component process.php of QR Code Generator v5.2.7 allows attackers to perform directory traversal.
Severity CVSS v4.0: Pending analysis
Last modification:
27/10/2022

CVE-2022-24083
Publication date:
25/07/2022
Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks.
Severity CVSS v4.0: Pending analysis
Last modification:
01/08/2022

CVE-2022-34965
Publication date:
25/07/2022
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain an arbitrary file upload vulnerability via the component /ossn/administrator/com_installer. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. Note: The project owner believes this is intended behavior of the application as it only allows authenticated admins to upload files.
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2024
Subscribe to Vulnerabilities