Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2022-47767

Publication date: 26/01/2023
A backdoor in Solar-Log Gateway products allows remote access via the web panel, giving the attacker super administration privileges. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.
Severity CVSS v4.0: Pending analysis
Last modification: 01/04/2025

CVE-2022-47615

Publication date: 26/01/2023
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2022-47100

Publication date: 26/01/2023
A vulnerability in Sengled Smart bulb 0x0000024 allows attackers to arbitrarily perform a factory reset on the device via a crafted IEEE 802.15.4 frame.
Severity CVSS v4.0: Pending analysis
Last modification: 02/04/2025

CVE-2022-46999

Publication date: 26/01/2023
Tuzicms v2.0.6 was discovered to contain a SQL injection vulnerability via the component \App\Manage\Controller\UserController.class.php.
Severity CVSS v4.0: Pending analysis
Last modification: 01/04/2025

CVE-2022-47073

Publication date: 26/01/2023
A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 01/04/2025

CVE-2022-46998

Publication date: 26/01/2023
An issue in the website background of taocms v3.0.2 allows attackers to execute a Server-Side Request Forgery (SSRF).
Severity CVSS v4.0: Pending analysis
Last modification: 01/04/2025

CVE-2022-47042

Publication date: 26/01/2023
MCMS v5.2.10 and below was discovered to contain an arbitrary file write vulnerability via the component ms/template/writeFileContent.do.
Severity CVSS v4.0: Pending analysis
Last modification: 02/04/2025

CVE-2022-47040

Publication date: 26/01/2023
An issue in ASKEY router RTF3505VW-N1 BR_SV_g000_R3505VMN1001_s32_7 allows attackers to escalate privileges via running the tcpdump command after placing a crafted file in the /tmp directory and sending crafted packets through port 80.
Severity CVSS v4.0: Pending analysis
Last modification: 02/04/2025

CVE-2022-47052

Publication date: 26/01/2023
The web interface of the 'Nighthawk R6220 AC1200 Smart Wi-Fi Router' is vulnerable to a CRLF Injection attack that can be leveraged to perform Reflected XSS and HTML Injection. A malicious unauthenticated attacker can exploit this vulnerability using a specially crafted URL. This affects firmware versions: V1.1.0.112_1.0.1, V1.1.0.114_1.0.1.
Severity CVSS v4.0: Pending analysis
Last modification: 01/04/2025

CVE-2022-46624

Publication date: 26/01/2023
A cross-site scripting (XSS) vulnerability in Online Graduate Tracer System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 01/04/2025

CVE-2022-46957

Publication date: 26/01/2023
Sourcecodester.com Online Graduate Tracer System V 1.0.0 is vulnerable to Cross Site Scripting (XSS).
Severity CVSS v4.0: Pending analysis
Last modification: 01/04/2025

CVE-2022-46128

Publication date: 26/01/2023
phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=.
Severity CVSS v4.0: Pending analysis
Last modification: 01/04/2025