Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-3159
Publication date:
23/07/2021
A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2021

CVE-2021-25203
Publication date:
23/07/2021
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2021

CVE-2021-25204
Publication date:
23/07/2021
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2021

CVE-2021-25206
Publication date:
23/07/2021
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2021

CVE-2021-25208
Publication date:
23/07/2021
Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2021

CVE-2021-25201
Publication date:
23/07/2021
SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2021

CVE-2019-9983
Publication date:
23/07/2021
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-25207
Publication date:
23/07/2021
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2021

CVE-2021-20333
Publication date:
23/07/2021
Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split. This issue affects MongoDB Server v3.6 versions prior to 3.6.20; MongoDB Server v4.0 versions prior to 4.0.21 and MongoDB Server v4.2 versions prior to 4.2.10.
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2024

CVE-2021-26799
Publication date:
23/07/2021
Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2021

CVE-2020-14032
Publication date:
23/07/2021
ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via code execution in the SMM.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2021

CVE-2021-24036
Publication date:
23/07/2021
Passing an attacker controlled size when creating an IOBuf could cause integer overflow, leading to an out of bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.
Severity CVSS v4.0: Pending analysis
Last modification:
26/10/2022
Subscribe to Vulnerabilities