Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria, such as vulnerability type, manufacturer and impact level, among others, can be selected to narrow down the results.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-27946

Publication date: 15/03/2021
SQL Injection vulnerability in MyBB before 1.8.26 via poll vote count. (issue 1 of 3).
Severity CVSS v4.0: Pending analysis
Last modification: 23/03/2021

CVE-2021-27890

Publication date: 15/03/2021
SQL Injection vulnerability in MyBB before 1.8.26 via theme properties included in theme XML files.
Severity CVSS v4.0: Pending analysis
Last modification: 21/09/2021

CVE-2021-20286

Publication date: 15/03/2021
A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.
Severity CVSS v4.0: Pending analysis
Last modification: 22/03/2021

CVE-2020-28149

Publication date: 15/03/2021
myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS.
Severity CVSS v4.0: Pending analysis
Last modification: 24/03/2021

CVE-2020-29555

Publication date: 15/03/2021
The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to delete arbitrary files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
Severity CVSS v4.0: Pending analysis
Last modification: 25/03/2021

CVE-2020-29556

Publication date: 15/03/2021
The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read arbitrary local files on the underlying server by exploiting a path-traversal technique. (This vulnerability can also be exploited by an unauthenticated attacker due to a lack of CSRF protection.)
Severity CVSS v4.0: Pending analysis
Last modification: 25/03/2021

CVE-2021-22191

Publication date: 15/03/2021
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file.
Severity CVSS v4.0: Pending analysis
Last modification: 27/05/2022

CVE-2020-24982

Publication date: 15/03/2021
An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account.
Severity CVSS v4.0: Pending analysis
Last modification: 21/05/2021

CVE-2020-24985

Publication date: 15/03/2021
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads.
Severity CVSS v4.0: Pending analysis
Last modification: 12/07/2022

CVE-2021-27695

Publication date: 15/03/2021
Multiple stored cross-site scripting (XSS) vulnerabilities in openMAINT 2.1-3.3-b allow remote attackers to inject arbitrary web script or HTML via any "Add" sections, such as Add Card Building & Floor, or others in the Name and Code Parameters.
Severity CVSS v4.0: Pending analysis
Last modification: 18/03/2021

CVE-2021-27817

Publication date: 15/03/2021
A remote command execution vulnerability in shopxo 1.9.3 allows an attacker to upload malicious code generated by phar where the suffix is JPG, which is uploaded after modifying the phar suffix.
Severity CVSS v4.0: Pending analysis
Last modification: 18/03/2021

CVE-2021-25675

Publication date: 15/03/2021
A vulnerability has been identified in SIMATIC S7-PLCSIM V5.4 (All versions). An attacker with local access to the system could cause a Denial-of-Service condition in the application when it is used to open a specially crafted file. As a consequence, a divide by zero operation could occur and cause the application to terminate unexpectedly and must be restarted to restore the service.
Severity CVSS v4.0: Pending analysis
Last modification: 18/03/2021