Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-20814
Publication date:
15/11/2024
A vulnerability in the certificate validation of Cisco&amp;nbsp;Expressway-C and Cisco&amp;nbsp;TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.&amp;nbsp;&amp;nbsp;The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco&amp;nbsp;Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.<br /> Note: Cisco&amp;nbsp;Expressway-E is not affected by this vulnerability.Cisco&amp;nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2025

CVE-2022-20845
Publication date:
15/11/2024
A vulnerability in the TL1 function of Cisco&amp;nbsp;Network Convergence System (NCS) 4000 Series could allow an authenticated, local attacker to cause a memory leak in the TL1 process.<br /> This vulnerability is due to TL1 not freeing memory under some conditions. An attacker could exploit this vulnerability by connecting to the device and issuing TL1 commands after being authenticated. A successful exploit could allow the attacker to cause the TL1 process to consume large amounts of memory. When the memory reaches a threshold, the Resource Monitor (Resmon)&amp;nbsp;process will begin to restart or shutdown the top five consumers of memory, resulting in a denial of service (DoS).Cisco&amp;nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco&amp;nbsp;IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see .
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2022-20656
Publication date:
15/11/2024
A vulnerability in the web-based management interface of Cisco&amp;nbsp;PI and Cisco&amp;nbsp;EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system.<br /> <br /> This vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to write arbitrary files to the host system.<br /> Cisco&amp;nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2025

CVE-2022-20657
Publication date:
15/11/2024
A vulnerability in the web-based management interface of Cisco&amp;nbsp;PI and Cisco&amp;nbsp;EPNM could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.<br /> This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco&amp;nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2025

CVE-2022-20663
Publication date:
15/11/2024
A vulnerability in the web-based management interface of Cisco&amp;nbsp;Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.<br /> The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco&amp;nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco&amp;nbsp;portfolio includes the renaming of security products under one brand: Cisco&amp;nbsp;Secure. For more information, see .
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2025

CVE-2022-20685
Publication date:
15/11/2024
A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.<br /> This vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.Cisco&amp;nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
24/06/2025

CVE-2022-20649
Publication date:
15/11/2024
A vulnerability in Cisco&amp;nbsp;RCM for Cisco&amp;nbsp;StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges&amp;nbsp;in the context of the configured container.<br /> <br /> This vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user.<br /> The attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker.<br /> Cisco&amp;nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2024

CVE-2022-20652
Publication date:
15/11/2024
A vulnerability in the web-based management interface and in the API subsystem of Cisco&amp;nbsp;Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system.<br /> This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted HTTP message to the affected system. A successful exploit could allow the attacker to execute commands with root-level privileges. To exploit this vulnerability, an attacker would need valid administrator-level credentials.Cisco&amp;nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2024

CVE-2022-20654
Publication date:
15/11/2024
A vulnerability in the web-based interface of Cisco&amp;nbsp;Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface.<br /> This vulnerability is due to insufficient validation of user-supplied input by the web-based interface of Cisco&amp;nbsp;Webex Meetings. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco&amp;nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2025

CVE-2022-20655
Publication date:
15/11/2024
A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack.<br /> The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root.
Severity CVSS v4.0: Pending analysis
Last modification:
18/11/2024

CVE-2022-20626
Publication date:
15/11/2024
A vulnerability in the web-based management interface of Cisco&amp;nbsp;Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The attacker would require valid credentials for the device.<br /> This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.Cisco&amp;nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/08/2025

CVE-2022-20631
Publication date:
15/11/2024
A vulnerability in the web-based management interface of Cisco&amp;nbsp;ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.<br /> The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious script code in a chat window. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco&amp;nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
31/07/2025
Subscribe to Vulnerabilities