Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-45794
Publication date:
17/03/2022
Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2022

CVE-2022-0749
Publication date:
17/03/2022
This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2022

CVE-2022-0748
Publication date:
17/03/2022
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2021-45792
Publication date:
17/03/2022
Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2022

CVE-2021-45791
Publication date:
17/03/2022
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2022

CVE-2022-1000
Publication date:
17/03/2022
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2025

CVE-2022-24072
Publication date:
17/03/2022
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2022

CVE-2022-24073
Publication date:
17/03/2022
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2022

CVE-2022-24075
Publication date:
17/03/2022
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2022

CVE-2022-24074
Publication date:
17/03/2022
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.
Severity CVSS v4.0: Pending analysis
Last modification:
30/06/2023

CVE-2022-22273
Publication date:
17/03/2022
Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2024

CVE-2022-25516
Publication date:
17/03/2022
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. NOTE: Third party has disputed stating that the source code has also a disclaimer that it should only be used with trusted input.
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2024
Subscribe to Vulnerabilities