Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-2463

Publication date:
25/08/2022
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful.
Severity CVSS v4.0: Pending analysis
Last modification:
27/08/2022

CVE-2022-2464

Publication date:
25/08/2022
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful.
Severity CVSS v4.0: Pending analysis
Last modification:
27/08/2022

CVE-2022-2465

Publication date:
25/08/2022
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in ISaGRAF Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.
Severity CVSS v4.0: Pending analysis
Last modification:
27/08/2022

CVE-2022-36358

Publication date:
25/08/2022
Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin
Severity CVSS v4.0: Pending analysis
Last modification:
27/08/2022

CVE-2022-37952

Publication date:
25/08/2022
A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (
Severity CVSS v4.0: Pending analysis
Last modification:
29/08/2022

CVE-2022-37953

Publication date:
25/08/2022
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (
Severity CVSS v4.0: Pending analysis
Last modification:
29/08/2022

CVE-2022-32742

Publication date:
25/08/2022
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).
Severity CVSS v4.0: Pending analysis
Last modification:
03/07/2024

CVE-2022-32744

Publication date:
25/08/2022
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2023

CVE-2022-32745

Publication date:
25/08/2022
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-32746

Publication date:
25/08/2022
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2023

CVE-2022-23715

Publication date:
25/08/2022
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore
Severity CVSS v4.0: Pending analysis
Last modification:
31/08/2022

CVE-2021-42521

Publication date:
25/08/2022
There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023