Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-24764
Publication date:
22/03/2022
PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2021-43650
Publication date:
22/03/2022
WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2022

CVE-2022-1036
Publication date:
22/03/2022
Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2022

CVE-2022-0667
Publication date:
22/03/2022
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2023

CVE-2021-45810
Publication date:
22/03/2022
GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server.
Severity CVSS v4.0: Pending analysis
Last modification:
05/03/2024

CVE-2021-45809
Publication date:
22/03/2022
GlobalProtect-openconnect versions prior to 1.4.3 are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=` parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2022

CVE-2022-1034
Publication date:
22/03/2022
There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2022

CVE-2022-0386
Publication date:
22/03/2022
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
Severity CVSS v4.0: Pending analysis
Last modification:
28/03/2022

CVE-2022-0652
Publication date:
22/03/2022
Confd log files contain local users', including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-26285
Publication date:
21/03/2022
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2022-26284
Publication date:
21/03/2022
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2022-26283
Publication date:
21/03/2022
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application's database via crafted HTTP requests.
Severity CVSS v4.0: Pending analysis
Last modification:
24/02/2025
Subscribe to Vulnerabilities