Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-3746

Publication date:
01/06/2018
The pdfinfojs NPM module versions
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2023

CVE-2018-3755

Publication date:
01/06/2018
XSS in sexstatic
Severity CVSS v4.0: Pending analysis
Last modification:
28/02/2023

CVE-2018-3742

Publication date:
01/06/2018
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3745. Reason: This candidate is a reservation duplicate of CVE-2018-3745. Notes: All CVE users should reference CVE-2018-3745 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2018-11551

Publication date:
01/06/2018
AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-11552

Publication date:
01/06/2018
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable application.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-11581

Publication date:
01/06/2018
Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-11670

Publication date:
01/06/2018
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-11671

Publication date:
01/06/2018
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-10382

Publication date:
01/06/2018
MODX Revolution 2.6.3 has XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-2852

Publication date:
01/06/2018
An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-2858

Publication date:
01/06/2018
An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-2860

Publication date:
01/06/2018
An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026