Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-24776

Publication date:
24/03/2022
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. Flask-AppBuilder contains an open redirect vulnerability when using database authentication login page on versions below 3.4.5. This issue is fixed in version 3.4.5. There are currently no known workarounds.
Severity CVSS v4.0: Pending analysis
Last modification:
07/03/2025

CVE-2022-22374

Publication date:
24/03/2022
The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442.
Severity CVSS v4.0: Pending analysis
Last modification:
16/06/2022

CVE-2021-43085

Publication date:
24/03/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-43666

Publication date:
24/03/2022
A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
Severity CVSS v4.0: Pending analysis
Last modification:
20/07/2023

CVE-2021-43084

Publication date:
24/03/2022
An SQL Injection vulnerability exists in Dreamer CMS 4.0.0 via the tableName parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
04/04/2025

CVE-2022-25568

Publication date:
24/03/2022
MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-21820

Publication date:
24/03/2022
NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
24/07/2023

CVE-2022-0153

Publication date:
24/03/2022
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2022-26629

Publication date:
24/03/2022
An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker bypass the lock screen function.
Severity CVSS v4.0: Pending analysis
Last modification:
31/03/2022

CVE-2022-1058

Publication date:
24/03/2022
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2022-0551

Publication date:
24/03/2022
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2024

CVE-2022-0550

Publication date:
24/03/2022
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.
Severity CVSS v4.0: Pending analysis
Last modification:
20/09/2024