Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-43212
Publication date:
22/11/2022
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-39070
Publication date:
22/11/2022
There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-39066
Publication date:
22/11/2022
There is a SQL injection vulnerability in ZTE MF286R. Due to insufficient validation of the input parameters of the phonebook interface, an authenticated attacker could use the vulnerability to execute arbitrary SQL injection.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-39067
Publication date:
22/11/2022
There is a buffer overflow vulnerability in ZTE MF286R. Due to lack of input validation on parameters of the wifi interface, an authenticated attacker could use the vulnerability to perform a denial of service attack.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-44737
Publication date:
22/11/2022
Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin)
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-41952
Publication date:
22/11/2022
Synapse before 1.52.0 with URL preview functionality enabled will attempt to generate URL previews for media stream URLs without properly limiting connection time. Connections will only be terminated after `max_spider_size` (default: 10M) bytes have been downloaded, which can in some cases lead to long-lived connections towards the streaming media server (for instance, Icecast). This can cause excessive traffic and connections toward such servers if their stream URL is, for example, posted to a large room with many Synapse instances with URL preview enabled. Version 1.52.0 implements a timeout mechanism which will terminate URL preview connections after 30 seconds. Since generating URL previews for media streams is not supported and always fails, 1.53.0 additionally implements an allow list for content types for which Synapse will even attempt to generate a URL preview. Upgrade to 1.53.0 to fully resolve the issue. As a workaround, turn off URL preview functionality by setting `url_preview_enabled: false` in the Synapse configuration file.
Severity CVSS v4.0: Pending analysis
Last modification:
06/07/2023

CVE-2022-44807
Publication date:
22/11/2022
D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow via webGetVarString.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-44806
Publication date:
22/11/2022
D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-44804
Publication date:
22/11/2022
D-Link DIR-882 1.10B02 and1.20B06 is vulnerable to Buffer Overflow via the websRedirect function.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-44808
Publication date:
22/11/2022
A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
25/04/2025

CVE-2022-44184
Publication date:
22/11/2022
Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow in /usr/sbin/httpd via parameter wan_dns1_sec.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025

CVE-2022-44201
Publication date:
22/11/2022
D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2025
Subscribe to Vulnerabilities