Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-22986
Publication date:
31/03/2022
Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2022

CVE-2022-26019
Publication date:
31/03/2022
Improper access control vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions prior to 2.6.0 and pfSense Plus software versions prior to 22.01) allows a remote attacker with the privilege to change NTP GPS settings to rewrite existing files on the file system, which may result in arbitrary command execution.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-25348
Publication date:
31/03/2022
Untrusted search path vulnerability in AttacheCase ver.4.0.2.7 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2022-28128
Publication date:
31/03/2022
Untrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2021-43663
Publication date:
31/03/2022
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component cloudupdate_check.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2021-43661
Publication date:
31/03/2022
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2021-43662
Publication date:
31/03/2022
totolink EX300_v2, ver V4.0.3c.140_B20210429 and A720R ,ver V4.1.5cu.470_B20200911 have an issue which causes uncontrolled resource consumption.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2022-25008
Publication date:
30/03/2022
totolink EX300_v2 V4.0.3c.140_B20210429 and EX1200T V4.1.2cu.5230_B20210706 does not contain an authentication mechanism.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2022-26646
Publication date:
30/03/2022
Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2025

CVE-2022-26645
Publication date:
30/03/2022
A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2025

CVE-2022-26644
Publication date:
30/03/2022
Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management.
Severity CVSS v4.0: Pending analysis
Last modification:
16/12/2025

CVE-2021-43664
Publication date:
30/03/2022
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a command injection vulnerability via the component process forceugpo.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022
Subscribe to Vulnerabilities