Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed by criteria such as vulnerability type, manufacturer and impact level, among others.

You can be informed daily, through RSS feeds or newsletters, about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-27446

Publication date: 16/05/2022
The Weintek cMT product line is vulnerable to code injection, which may allow an unauthenticated remote attacker to execute commands with root privileges on the operating system.
Severity CVSS v4.0: Pending analysis
Last modification: 25/05/2022

CVE-2021-27442

Publication date: 16/05/2022
The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code.
Severity CVSS v4.0: Pending analysis
Last modification: 25/05/2022

CVE-2022-1679

Publication date: 16/05/2022
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.
Severity CVSS v4.0: Pending analysis
Last modification: 19/01/2024

CVE-2021-27444

Publication date: 16/05/2022
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator.
Severity CVSS v4.0: Pending analysis
Last modification: 29/07/2022

CVE-2022-30055

Publication date: 16/05/2022
Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution.
Severity CVSS v4.0: Pending analysis
Last modification: 25/05/2022

CVE-2022-30050

Publication date: 16/05/2022
Gnuboard 5.55 and 5.56 are vulnerable to Cross Site Scripting (XSS) via bbs/member_confirm.php.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2024

CVE-2021-23267

Publication date: 16/05/2022
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker static methods.
Severity CVSS v4.0: Pending analysis
Last modification: 25/05/2022

CVE-2021-23266

Publication date: 16/05/2022
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
Severity CVSS v4.0: Pending analysis
Last modification: 25/05/2022

CVE-2022-25169

Publication date: 16/05/2022
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files.
Severity CVSS v4.0: Pending analysis
Last modification: 09/11/2022

CVE-2022-30126

Publication date: 16/05/2022
In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler, could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0.
Severity CVSS v4.0: Pending analysis
Last modification: 19/10/2022

CVE-2021-23265

Publication date: 16/05/2022
A logged-in and authenticated user with a Reviewer Role may lock a content item.
Severity CVSS v4.0: Pending analysis
Last modification: 30/08/2022

CVE-2021-33318

Publication date: 16/05/2022
An Input Validation Vulnerability exists in Joel Christner .NET C# packages WatsonWebserver, IpMatcher 1.0.4.1 and below (IpMatcher) and 4.1.3 and below (WatsonWebserver) due to insufficient validation of input IP addresses and netmasks against the internal Matcher list of IP addresses and subnets.
Severity CVSS v4.0: Pending analysis
Last modification: 08/08/2023