Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-23879
Publication date:
15/03/2021
Unquoted service path vulnerability in McAfee Endpoint Product Removal (EPR) Tool prior to 21.2 allows local administrators to execute arbitrary code, with higher-level privileges, via execution from a compromised folder. The tool did not enforce and protect the execution path. Local admin privileges are required to place the files in the required location.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-3150
Publication date:
15/03/2021
A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed with the version 4.8.1
Severity CVSS v4.0: Pending analysis
Last modification:
03/12/2021

CVE-2021-28363
Publication date:
15/03/2021
The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted.
Severity CVSS v4.0: Pending analysis
Last modification:
21/06/2024

CVE-2021-27949
Publication date:
15/03/2021
Cross-site Scripting vulnerability in MyBB before 1.8.26 via Custom moderator tools.
Severity CVSS v4.0: Pending analysis
Last modification:
16/03/2021

CVE-2021-27948
Publication date:
15/03/2021
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. (issue 3 of 3).
Severity CVSS v4.0: Pending analysis
Last modification:
16/03/2021

CVE-2021-27947
Publication date:
15/03/2021
SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. (issue 2 of 3).
Severity CVSS v4.0: Pending analysis
Last modification:
16/03/2021

CVE-2021-27946
Publication date:
15/03/2021
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).
Severity CVSS v4.0: Pending analysis
Last modification:
23/03/2021

CVE-2021-27890
Publication date:
15/03/2021
SQL Injection vulnerablity in MyBB before 1.8.26 via theme properties included in theme XML files.
Severity CVSS v4.0: Pending analysis
Last modification:
21/09/2021

CVE-2021-20286
Publication date:
15/03/2021
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
22/03/2021

CVE-2020-28149
Publication date:
15/03/2021
myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
24/03/2021

CVE-2020-29555
Publication date:
15/03/2021
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2021

CVE-2020-29556
Publication date:
15/03/2021
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
Severity CVSS v4.0: Pending analysis
Last modification:
25/03/2021
Subscribe to Vulnerabilities