Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2023-22466

Publication date:
04/01/2023
Tokio is a runtime for writing applications with Rust. Starting with version 1.7.0 and prior to versions 1.18.4, 1.20.3, and 1.23.1, when configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously configured `reject_remote_clients` to `true`, this effectively undoes the configuration. Remote clients may only access the named pipe if the named pipe's associated path is accessible via a publicly shared folder (SMB). Versions 1.23.1, 1.20.3, and 1.18.4 have been patched. The fix will also be present in all releases starting from version 1.24.0. Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected. As a workaround, ensure that `pipe_mode` is set first after initializing a `ServerOptions`.
Severity CVSS v4.0: Pending analysis
Last modification:
11/01/2023

CVE-2021-4300

Publication date:
04/01/2023
A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched remotely. Upgrading to version 1.1.1.0-hal is able to address this issue. The identifier of the patch is 0675b25ae9cc10b5fdc8ea3a32c642979762d45e. It is recommended to upgrade the affected component. The identifier VDB-217417 was assigned to this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2024

CVE-2022-45049

Publication date:
04/01/2023
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The url parameter on the novelist.php endpoint does not properly neutralise user input, resulting in the vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
11/01/2023

CVE-2022-45051

Publication date:
04/01/2023
A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim's browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
11/01/2023

CVE-2022-48217

Publication date:
04/01/2023
The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled old_tf_topic_name and/or new_tf_topic_name parameter. NOTE: the vendor's position is "it is the responsibility of the programmer to make sure that only known and required parameters are set and unexpected parameters are not."
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2024

CVE-2022-45052

Publication date:
04/01/2023
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the Proxy.type.php endpoint, external users are capable of accessing files on the server.
Severity CVSS v4.0: Pending analysis
Last modification:
16/10/2024

CVE-2023-0054

Publication date:
04/01/2023
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2023

CVE-2022-43920

Publication date:
04/01/2023
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2023-0051

Publication date:
04/01/2023
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2023

CVE-2022-25926

Publication date:
04/01/2023
Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2025

CVE-2022-46456

Publication date:
04/01/2023
NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2025

CVE-2022-46457

Publication date:
04/01/2023
NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
Severity CVSS v4.0: Pending analysis
Last modification:
10/04/2025