Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2024-58336
Publication date:
30/12/2025
Akuvox Smart Intercom S539 contains an unauthenticated vulnerability that allows remote attackers to access live video streams by requesting the video.cgi endpoint on port 8080. Attackers can retrieve video stream data without authentication by directly accessing the specified endpoint on affected Akuvox doorphone and intercom devices.
Severity CVSS v4.0: HIGH
Last modification:
30/12/2025

CVE-2022-50799
Publication date:
30/12/2025
Fetch FTP Client 5.8.2 contains a denial of service vulnerability that allows attackers to trigger 100% CPU consumption by sending long server responses. Attackers can send specially crafted FTP server responses exceeding 2K bytes to cause excessive resource utilization and potentially crash the application.
Severity CVSS v4.0: HIGH
Last modification:
30/12/2025

CVE-2022-50800
Publication date:
30/12/2025
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-existing accounts.
Severity CVSS v4.0: MEDIUM
Last modification:
30/12/2025

CVE-2022-50801
Publication date:
30/12/2025
JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to authenticated stored cross-site scripting (XSS) attacks, allowing attackers with authenticated access to inject malicious scripts that will be executed in other users' browsers when they view the affected content.
Severity CVSS v4.0: MEDIUM
Last modification:
30/12/2025

CVE-2022-50802
Publication date:
30/12/2025
ETAP Safety Manager 1.0.0.32 contains a cross-site scripting vulnerability in the 'action' GET parameter that allows unauthenticated attackers to inject malicious HTML and JavaScript. Attackers can craft specially formed requests to execute arbitrary scripts in victim browser sessions, potentially stealing credentials or performing unauthorized actions.
Severity CVSS v4.0: MEDIUM
Last modification:
30/12/2025

CVE-2022-50803
Publication date:
30/12/2025
JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges.
Severity CVSS v4.0: CRITICAL
Last modification:
30/12/2025

CVE-2022-50804
Publication date:
30/12/2025
JM-DATA ONU JF511-TV version 1.0.67 is vulnerable to cross-site request forgery (CSRF) attacks, allowing attackers to perform administrative actions on behalf of authenticated users without their knowledge or consent.
Severity CVSS v4.0: MEDIUM
Last modification:
30/12/2025

CVE-2022-50792
Publication date:
30/12/2025
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated file disclosure vulnerability that allows remote attackers to access sensitive system files. Attackers can exploit the vulnerability by manipulating the 'file' GET parameter to disclose arbitrary files on the affected device.
Severity CVSS v4.0: HIGH
Last modification:
30/12/2025

CVE-2022-50793
Publication date:
30/12/2025
SOUND4 IMPACT/FIRST/PULSE/Eco
Severity CVSS v4.0: HIGH
Last modification:
30/12/2025

CVE-2022-50794
Publication date:
30/12/2025
SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system commands.
Severity CVSS v4.0: CRITICAL
Last modification:
30/12/2025

CVE-2022-50795
Publication date:
30/12/2025
SOUND4 IMPACT/FIRST/PULSE/Eco
Severity CVSS v4.0: HIGH
Last modification:
30/12/2025

CVE-2022-50796
Publication date:
30/12/2025
SOUND4 IMPACT/FIRST/PULSE/Eco
Severity CVSS v4.0: CRITICAL
Last modification:
30/12/2025
Subscribe to Vulnerabilities