Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we maintain a database, in Spanish, of all of the latest documented and recognised vulnerabilities, available to any user interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2017-8487

Publication date: 15/06/2017
Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability."
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-9419

Publication date: 15/06/2017
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-9675

Publication date: 15/06/2017
On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an unauthenticated GET request to trigger a reboot.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-9674

Publication date: 15/06/2017
In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-9673

Publication date: 15/06/2017
In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an administrator account (via the index.php/user/new URI) or change its settings (via the index.php/user/1 URI), including its password.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-9613

Publication date: 15/06/2017
Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2016-10395

Publication date: 15/06/2017
In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-9505

Publication date: 15/06/2017
Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if a user had permission to view a page when creating a workbox notification about new comments. An attacker who can login to Confluence could receive workbox notifications, which contain the content of comments, for comments added to a page after they started watching it even if they do not have permission to view the page itself.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2015-7732

Publication date: 15/06/2017
The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-5244

Publication date: 15/06/2017
Routes used to stop running Metasploit tasks (either particular ones or all tasks) allowed GET requests. Only POST requests should have been allowed, as the stop/stop_all routes change the state of the service. This could have allowed an attacker to stop currently-running Metasploit tasks by getting an authenticated user to execute JavaScript. As of Metasploit 4.14.0 (Update 2017061301), the routes for stopping tasks only allow POST requests, which validate the presence of a secret token to prevent CSRF attacks.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-1379

Publication date: 15/06/2017
IBM API Connect 5.0.0.0 could allow a remote attacker to obtain sensitive information, caused by improper handling of requests to the Developer Portal. IBM X-Force ID: 127002.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-9670

Publication date: 15/06/2017
An uninitialized stack variable vulnerability in load_tic_series() in set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service (Segmentation fault and Memory Corruption) or possibly have unspecified other impact when a victim opens a specially crafted file.
Severity CVSS v4.0: Pending analysis
Last modification: 14/08/2025