Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2016-10989

Publication date:

17/09/2019

The leenkme plugin before 2.6.0 for WordPress has wp-admin/admin.php?page=leenkme_facebook CSRF.

Severity CVSS v4.0: Pending analysis

Last modification:

17/09/2019

CVE-2016-10985

Publication date:

17/09/2019

The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

17/09/2019

CVE-2016-10990

Publication date:

17/09/2019

The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header.

Severity CVSS v4.0: Pending analysis

Last modification:

17/09/2019

CVE-2016-10991

Publication date:

17/09/2019

The imdb-widget plugin before 1.0.9 for WordPress has Local File Inclusion.

Severity CVSS v4.0: Pending analysis

Last modification:

18/09/2019

CVE-2016-10983

Publication date:

17/09/2019

The ghost plugin before 0.5.6 for WordPress has no access control for wp-admin/tools.php?ghostexport=true downloads of exported data.

Severity CVSS v4.0: Pending analysis

Last modification:

18/09/2019

CVE-2016-10992

Publication date:

17/09/2019

The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

18/09/2019

CVE-2016-10982

Publication date:

17/09/2019

The kento-post-view-counter plugin through 2.8 for WordPress has wp-admin/admin.php?page=kentopvc_settings CSRF.

Severity CVSS v4.0: Pending analysis

Last modification:

17/09/2019

CVE-2016-10980

Publication date:

17/09/2019

The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo.

Severity CVSS v4.0: Pending analysis

Last modification:

17/09/2019

CVE-2016-10979

Publication date:

17/09/2019

The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS.

Severity CVSS v4.0: Pending analysis

Last modification:

17/09/2019

CVE-2016-10978

Publication date:

17/09/2019

The fossura-tag-miner plugin before 1.1.5 for WordPress has CSRF.

Severity CVSS v4.0: Pending analysis

Last modification:

17/09/2019

CVE-2016-10981

Publication date:

17/09/2019

The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text.

Severity CVSS v4.0: Pending analysis

Last modification:

17/09/2019