Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), which INCIBE translates into Spanish under a partnership agreement.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-26703

Publication date:
01/03/2021
EPrints 3.4.2 allows remote attackers to read arbitrary files and possibly execute commands via crafted JSON/XML input to a cgi/ajax/phrase URI.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2021

CVE-2021-27876

Publication date:
01/03/2021
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. By using crafted input parameters in one of these commands, an attacker can access an arbitrary file on the system using System privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2021-27877

Publication date:
01/03/2021
An issue was discovered in Veritas Backup Exec before 21.2. It supports multiple authentication schemes: SHA authentication is one of these. This authentication scheme is no longer used in current versions of the product, but hadn't yet been disabled. An attacker could remotely exploit this scheme to gain unauthorized access to an Agent and execute privileged commands.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2021-27878

Publication date:
01/03/2021
An issue was discovered in Veritas Backup Exec before 21.2. The communication between a client and an Agent requires successful authentication, which is typically completed over a secure TLS communication. However, due to a vulnerability in the SHA Authentication scheme, an attacker is able to gain unauthorized access and complete the authentication process. Subsequently, the client can execute data management protocol commands on the authenticated connection. The attacker could use one of these commands to execute an arbitrary command on the system using system privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2021-26475

Publication date:
01/03/2021
EPrints 3.4.2 exposes a reflected XSS opportunity via a cgi/cal URI.
Severity CVSS v4.0: Pending analysis
Last modification:
04/03/2021

CVE-2021-27317

Publication date:
01/03/2021
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
08/03/2021

CVE-2021-27318

Publication date:
01/03/2021
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
08/03/2021

CVE-2021-21517

Publication date:
01/03/2021
SRS Policy Manager 6.X is affected by an XML External Entity Injection (XXE) vulnerability due to a misconfigured XML parser that processes user-supplied DTD input without sufficient validation. A remote unauthenticated attacker can potentially exploit this vulnerability to read system files as a non-root user and may be able to temporarily disrupt the ESRS service.
Severity CVSS v4.0: Pending analysis
Last modification:
08/03/2021

CVE-2021-3332

Publication date:
01/03/2021
WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-21515

Publication date:
01/03/2021
Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to hijack user sessions or to trick a victim application user into unknowingly sending arbitrary requests to the server.
Severity CVSS v4.0: Pending analysis
Last modification:
08/03/2021

CVE-2021-22114

Publication date:
01/03/2021
Addresses partial fix in CVE-2018-1263. Spring-integration-zip, versions prior to 1.0.4, exposes an arbitrary file write vulnerability that can be achieved using a specially crafted zip archive (affects other archives as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal filenames. When the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder.
Severity CVSS v4.0: Pending analysis
Last modification:
09/03/2021

CVE-2021-25914

Publication date:
01/03/2021
Prototype pollution vulnerability in 'object-collider' versions 1.0.0 through 1.0.3 allows an attacker to cause a denial of service and may lead to remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
30/04/2025