Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-34405

Publication date:
26/01/2023
An improper access control vulnerability was identified in the Realtek audio driver. A local authenticated malicious user may potentially exploit this vulnerability by waiting for an administrator to launch the application and attach to the process to elevate privileges on the system.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-31711

Publication date:
26/01/2023
VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2022-31710

Publication date:
26/01/2023
vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2022-31704

Publication date:
26/01/2023
The vRealize Log Insight contains a broken access control vulnerability. An unauthenticated malicious actor can remotely inject code into sensitive files of an impacted appliance which can result in remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2022-31706

Publication date:
26/01/2023
The vRealize Log Insight contains a Directory Traversal Vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
02/04/2025

CVE-2022-29843

Publication date:
26/01/2023
A command injection vulnerability in the DDNS service configuration of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to execute code in the context of the root user.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2023

CVE-2022-29844

Publication date:
26/01/2023
A vulnerability in the FTP service of Western Digital My Cloud OS 5 devices running firmware versions prior to 5.26.119 allows an attacker to read and write arbitrary files. This could lead to a full NAS compromise and would give remote execution capabilities to the attacker.
Severity CVSS v4.0: Pending analysis
Last modification:
01/02/2023

CVE-2022-27508

Publication date:
26/01/2023
Unauthenticated denial of service
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2022-27507

Publication date:
26/01/2023
Authenticated denial of service
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2022-26329

Publication date:
26/01/2023
File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-25927

Publication date:
26/01/2023
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025

CVE-2022-25962

Publication date:
26/01/2023
All versions of the package vagrant.js are vulnerable to Command Injection via the boxAdd function due to improper input sanitization.
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2025