Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-22230
Publication date:
07/07/2021
Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2.
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2021

CVE-2021-22227
Publication date:
07/07/2021
A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2021

CVE-2021-26039
Publication date:
07/07/2021
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2021

CVE-2021-26035
Publication date:
07/07/2021
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
07/07/2021

CVE-2021-20777
Publication date:
07/07/2021
Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
Severity CVSS v4.0: Pending analysis
Last modification:
03/05/2022

CVE-2021-20776
Publication date:
07/07/2021
Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet.
Severity CVSS v4.0: Pending analysis
Last modification:
13/07/2021

CVE-2021-20738
Publication date:
07/07/2021
WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
14/07/2021

CVE-2021-20739
Publication date:
07/07/2021
WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2021

CVE-2021-20780
Publication date:
07/07/2021
Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2021

CVE-2021-20779
Publication date:
07/07/2021
Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2021

CVE-2021-35039
Publication date:
07/07/2021
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.
Severity CVSS v4.0: Pending analysis
Last modification:
16/05/2023

CVE-2021-22223
Publication date:
06/07/2021
Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link
Severity CVSS v4.0: Pending analysis
Last modification:
09/07/2021
Subscribe to Vulnerabilities