Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-29685
Publication date:
26/05/2022
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort.
Severity CVSS v4.0: Pending analysis
Last modification:
28/05/2022

CVE-2022-29686
Publication date:
26/05/2022
CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan.
Severity CVSS v4.0: Pending analysis
Last modification:
28/05/2022

CVE-2022-20809
Publication date:
26/05/2022
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-1664
Publication date:
26/05/2022
Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2022

CVE-2021-34360
Publication date:
26/05/2022
A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later
Severity CVSS v4.0: Pending analysis
Last modification:
07/06/2022

CVE-2021-4231
Publication date:
26/05/2022
A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.
Severity CVSS v4.0: Pending analysis
Last modification:
20/11/2025

CVE-2021-40317
Publication date:
26/05/2022
Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
31/05/2022

CVE-2022-29721
Publication date:
26/05/2022
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.
Severity CVSS v4.0: Pending analysis
Last modification:
31/05/2022

CVE-2022-29720
Publication date:
26/05/2022
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php.
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2022

CVE-2021-42859
Publication date:
26/05/2022
A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service. NOTE: testing reports are inconsistent, with some testers seeing the issue in both the 3.2 release and in the October 2021 development code, but others not seeing the issue in the 3.2 release
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2024

CVE-2021-42860
Publication date:
26/05/2022
A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611. NOTE: it is unclear whether this input is allowed by the API specification
Severity CVSS v4.0: Pending analysis
Last modification:
04/08/2024

CVE-2021-42692
Publication date:
26/05/2022
There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS.
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2022
Subscribe to Vulnerabilities