Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-30454
Publication date:
24/05/2022
Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.
Severity CVSS v4.0: Pending analysis
Last modification:
28/05/2022

CVE-2022-30455
Publication date:
24/05/2022
Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id.
Severity CVSS v4.0: Pending analysis
Last modification:
28/05/2022

CVE-2022-30456
Publication date:
24/05/2022
Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental.
Severity CVSS v4.0: Pending analysis
Last modification:
28/05/2022

CVE-2021-42655
Publication date:
24/05/2022
SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
01/06/2022

CVE-2021-42656
Publication date:
24/05/2022
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
01/06/2022

CVE-2022-1848
Publication date:
24/05/2022
Business Logic Errors in GitHub repository erudika/para prior to 1.45.11.
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2022

CVE-2021-42654
Publication date:
24/05/2022
SiteServer CMS
Severity CVSS v4.0: Pending analysis
Last modification:
03/06/2022

CVE-2021-42659
Publication date:
24/05/2022
There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2022-1840
Publication date:
24/05/2022
A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects register.php?link=registerand. The manipulation with the input alert(1) leads to cross site scripting. The attack may be initiated remotely but demands authentication. Exploit details have been disclosed to the public.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2022-1839
Publication date:
24/05/2022
A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2022

CVE-2022-1838
Publication date:
24/05/2022
A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2022

CVE-2022-26531
Publication date:
24/05/2022
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2024
Subscribe to Vulnerabilities