Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-45391

Publication date: 16/02/2022
A Buffer Overflow vulnerability exists in Tenda Router AX12 V22.03.01.21_CN in the sub_422CE4 function in the goform/setIPv6Status binary file /usr/sbin/httpd via the conType parameter, which causes a Denial of Service.
Severity CVSS v4.0: Pending analysis
Last modification: 23/02/2022

CVE-2022-23358

Publication date: 16/02/2022
EasyCMS v1.6 allows for SQL injection via ArticlemAction.class.php. In the background, search terms provided by the user were not sanitized and were used directly to construct a SQL statement.
Severity CVSS v4.0: Pending analysis
Last modification: 23/02/2022

CVE-2021-46388

Publication date: 16/02/2022
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: Reason: The issue is not a vulnerability (fails CNT2) - Has no impact on availability, integrity or confidence as only documented html templates are shown without additional data or the option to store changes. Notes
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2022-0559

Publication date: 16/02/2022
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2022-0614

Publication date: 16/02/2022
Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2.
Severity CVSS v4.0: Pending analysis
Last modification: 17/01/2023

CVE-2022-0613

Publication date: 16/02/2022
Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2022-0612

Publication date: 16/02/2022
Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.
Severity CVSS v4.0: Pending analysis
Last modification: 23/02/2022

CVE-2022-25241

Publication date: 16/02/2022
In FileCloud before 21.3, the CSV user import functionality is vulnerable to Cross-Site Request Forgery (CSRF).
Severity CVSS v4.0: Pending analysis
Last modification: 23/02/2022

CVE-2022-25242

Publication date: 16/02/2022
In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF).
Severity CVSS v4.0: Pending analysis
Last modification: 23/02/2022

CVE-2022-25235

Publication date: 16/02/2022
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
Severity CVSS v4.0: Pending analysis
Last modification: 05/05/2025

CVE-2022-25236

Publication date: 16/02/2022
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
Severity CVSS v4.0: Pending analysis
Last modification: 05/05/2025

CVE-2022-0611

Publication date: 16/02/2022
Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.
Severity CVSS v4.0: Pending analysis
Last modification: 02/08/2023