Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-45473

Publication date:
18/11/2022
In drachtio-server 0.8.18, /var/log/drachtio has mode 0777 and drachtio.log has mode 0666.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025

CVE-2022-44204

Publication date:
18/11/2022
D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025

CVE-2022-45471

Publication date:
18/11/2022
In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2022

CVE-2022-24038

Publication date:
18/11/2022
Karmasis Informatics Infraskope SIEM+<br /> <br /> has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2026

CVE-2022-24037

Publication date:
18/11/2022
Karmasis Informatics Infraskope SIEM+<br /> <br /> has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information.
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2026

CVE-2022-43308

Publication date:
18/11/2022
INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025

CVE-2022-24939

Publication date:
18/11/2022
<br />  A malformed packet containing an invalid destination address, causes a stack overflow in the Ember ZNet stack. This causes an assert which leads to a reset, immediately clearing the error.<br /> <br />
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-43506

Publication date:
17/11/2022
SQL Injection in <br /> <br /> <br /> <br /> HandlerTag_KID.ashx<br /> <br /> <br /> <br /> in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2023

CVE-2022-44591

Publication date:
17/11/2022
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2022

CVE-2022-44736

Publication date:
17/11/2022
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2022

CVE-2022-45077

Publication date:
17/11/2022
Auth. (subscriber+) PHP Object Injection vulnerability in Betheme theme
Severity CVSS v4.0: Pending analysis
Last modification:
20/02/2025

CVE-2022-43452

Publication date:
17/11/2022
SQL Injection in <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> <br /> FtyInfoSetting.aspx in Delta Electronics DIAEnergie versions prior to v1.9.02.001 allows an attacker to inject SQL queries via Network
Severity CVSS v4.0: Pending analysis
Last modification:
27/10/2023