Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database) under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-8419

Publication date:
17/02/2019
VNote 2.2 has XSS via a new text note.
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2019

CVE-2019-8422

Publication date:
17/02/2019
A SQL Injection vulnerability exists in PbootCMS v1.3.2 via the description parameter in apps\admin\controller\content\ContentController.php.
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2019

CVE-2019-8421

Publication date:
17/02/2019
upload/protected/modules/admini/views/post/index.php in BageCMS through 3.1.4 allows SQL Injection via the title or titleAlias parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
20/02/2019

CVE-2019-8418

Publication date:
17/02/2019
SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-7649

Publication date:
17/02/2019
global.encryptPassword in bootstrap/global.js in CMSWing 1.3.7 relies on multiple MD5 operations for password hashing.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-8411

Publication date:
17/02/2019
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2019

CVE-2019-8412

Publication date:
17/02/2019
FeiFeiCms 4.0.181010 on Windows allows remote attackers to read or delete arbitrary files via index.php?s=Admin-Data-Down-id-..\ or index.php?s=Admin-Data-Del-id-..\ directory traversal.
Severity CVSS v4.0: Pending analysis
Last modification:
20/02/2019

CVE-2019-8413

Publication date:
17/02/2019
On Xiaomi MIX 2 devices with the 4.4.78 kernel, a NULL pointer dereference in the ioctl interface of the device file /dev/elliptic1 or /dev/elliptic0 causes a system crash via IOCTL 0x4008c575 (aka decimal 1074316661).
Severity CVSS v4.0: Pending analysis
Last modification:
22/09/2022

CVE-2019-8407

Publication date:
17/02/2019
HongCMS 3.0.0 allows arbitrary file read and write operations via a ../ in the filename parameter to the admin/index.php/language/edit URI.
Severity CVSS v4.0: Pending analysis
Last modification:
19/02/2019

CVE-2018-20782

Publication date:
17/02/2019
The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages.
Severity CVSS v4.0: Pending analysis
Last modification:
13/05/2019

CVE-2019-8408

Publication date:
17/02/2019
OneFileCMS 3.6.13 allows remote attackers to modify onefilecms.php by clicking the Copy button twice.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2016-10742

Publication date:
17/02/2019
Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2020