Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-3301

Publication date: 26/09/2022
Improper Cleanup on Thrown Exception in GitHub repository ikus060/rdiffweb prior to 2.4.8.
Severity CVSS v4.0: Pending analysis
Last modification: 28/09/2022

CVE-2022-36159

Publication date: 26/09/2022
Contec FXA3200 version 1.13 and under were discovered to contain a hard-coded password hash for root stored in the component /etc/shadow. As the password strength is weak, it can be cracked in a few minutes. Through this credential, a malicious actor can access the Wireless LAN Manager interface and open the telnet port, then sniff the traffic or inject any malware.
Severity CVSS v4.0: Pending analysis
Last modification: 21/05/2025

CVE-2022-38970

Publication date: 26/09/2022
ieGeek IG20 hipcam RealServer V1.0 is vulnerable to Incorrect Access Control. The algorithm used to generate device IDs (UIDs) for devices that utilize Shenzhen Yunni Technology iLnkP2P suffers from a predictability flaw that allows remote attackers to establish direct connections to arbitrary devices.
Severity CVSS v4.0: Pending analysis
Last modification: 21/05/2025

CVE-2022-36158

Publication date: 26/09/2022
Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi).
Severity CVSS v4.0: Pending analysis
Last modification: 21/05/2025

CVE-2022-38553

Publication date: 26/09/2022
Academy Learning Management System before v5.9.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Search parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 21/05/2025

CVE-2022-21797

Publication date: 26/09/2022
The package joblib from 0 and before 1.2.0 is vulnerable to Arbitrary Code Execution via the pre_dispatch flag in the Parallel() class due to the eval() statement.
Severity CVSS v4.0: Pending analysis
Last modification: 23/08/2024

CVE-2022-21169

Publication date: 26/09/2022
The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass XSS sanitization.
Severity CVSS v4.0: Pending analysis
Last modification: 21/05/2025

CVE-2022-41352

Publication date: 26/09/2022
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.
Severity CVSS v4.0: Pending analysis
Last modification: 03/04/2025

CVE-2022-41347

Publication date: 26/09/2022
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). The Sudo configuration permits the zimbra user to execute the NGINX binary as root with arbitrary parameters. As part of its intended functionality, NGINX can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
Severity CVSS v4.0: Pending analysis
Last modification: 21/05/2025

CVE-2022-3297

Publication date: 25/09/2022
Use After Free in GitHub repository vim/vim prior to 9.0.0579.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2022-41343

Publication date: 25/09/2022
registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.
Severity CVSS v4.0: Pending analysis
Last modification: 22/05/2025

CVE-2022-3296

Publication date: 25/09/2022
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023