Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-40645
Publication date:
30/03/2022
An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2022

CVE-2021-40644
Publication date:
30/03/2022
An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2021-45031
Publication date:
30/03/2022
A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords.
Severity CVSS v4.0: Pending analysis
Last modification:
18/05/2026

CVE-2019-9564
Publication date:
30/03/2022
A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.
Severity CVSS v4.0: Pending analysis
Last modification:
22/02/2023

CVE-2019-12266
Publication date:
30/03/2022
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2022-1160
Publication date:
30/03/2022
heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-24132
Publication date:
30/03/2022
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2022

CVE-2022-27772
Publication date:
30/03/2022
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2024

CVE-2022-24135
Publication date:
30/03/2022
QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions.
Severity CVSS v4.0: Pending analysis
Last modification:
05/04/2022

CVE-2022-28223
Publication date:
30/03/2022
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-22772
Publication date:
30/03/2022
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.
Severity CVSS v4.0: Pending analysis
Last modification:
07/04/2022

CVE-2021-44310
Publication date:
30/03/2022
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality.
Severity CVSS v4.0: Pending analysis
Last modification:
08/04/2022
Subscribe to Vulnerabilities