Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list shows vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed by criteria such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-9863

Publication date:
27/03/2019
Due to the use of an insecure algorithm for rolling codes in the ABUS Secvest wireless alarm system FUAA50000 3.01.01 and its remote controls FUBE50014 and FUBE50015, an attacker is able to predict valid future rolling codes, and can thus remotely control the alarm system in an unauthorized way.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-5927

Publication date:
27/03/2019
Directory traversal vulnerability in 'an' App for iOS Version 3.2.0 and earlier allows remote attackers to read arbitrary files via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
27/03/2019

CVE-2019-5926

Publication date:
27/03/2019
Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2019

CVE-2019-5419

Publication date:
27/03/2019
There is a possible denial of service vulnerability in Action View (Rails)
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-5420

Publication date:
27/03/2019
A remote code execution vulnerability in development mode Rails
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-5418

Publication date:
27/03/2019
There is a File Content Disclosure vulnerability in Action View
Severity CVSS v4.0: Pending analysis
Last modification:
30/10/2025

CVE-2018-16207

Publication date:
27/03/2019
PowerAct Pro Master Agent for Windows Version 5.13 and earlier allows authenticated attackers to bypass access restriction to alter or edit unauthorized files via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2019-3877

Publication date:
27/03/2019
A vulnerability was found in mod_auth_mellon before v0.14.2. An open redirect in the logout URL allows requests with backslashes to pass through by assuming that it is a relative URL, while the browsers silently convert backslash characters into forward slashes treating them as an absolute URL. This mismatch allows an attacker to bypass the redirect URL validation logic in apr_uri_parse function.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-3840

Publication date:
27/03/2019
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-3814

Publication date:
27/03/2019
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2019-3828

Publication date:
27/03/2019
Ansible fetch module before versions 2.5.15, 2.6.14, 2.7.8 has a path traversal vulnerability which allows copying and overwriting files outside of the specified destination in the local ansible controller host, by not restricting an absolute path.
Severity CVSS v4.0: Pending analysis
Last modification:
12/06/2023

CVE-2019-3847

Publication date:
27/03/2019
A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2022