Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2022-25578

Publication date:

18/03/2022

taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.

Severity CVSS v4.0: Pending analysis

Last modification:

14/02/2024

CVE-2022-25581

Publication date:

18/03/2022

Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.

Severity CVSS v4.0: Pending analysis

Last modification:

28/03/2022

CVE-2022-26266

Publication date:

18/03/2022

Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.

Severity CVSS v4.0: Pending analysis

Last modification:

28/03/2022

CVE-2022-26265

Publication date:

18/03/2022

Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

08/08/2023

CVE-2022-26267

Publication date:

18/03/2022

Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php.

Severity CVSS v4.0: Pending analysis

Last modification:

08/08/2023

CVE-2022-25389

Publication date:

18/03/2022

DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php.

Severity CVSS v4.0: Pending analysis

Last modification:

26/03/2022

CVE-2022-25390

Publication date:

18/03/2022

DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php.

Severity CVSS v4.0: Pending analysis

Last modification:

26/03/2022

CVE-2022-27250

Publication date:

18/03/2022

The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device&#39;s screen, record video of the device&#39;s physical environment, or modify data.

Severity CVSS v4.0: Pending analysis

Last modification:

05/04/2022