Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-5378

Publication date:
11/06/2018
Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2017-5379

Publication date:
11/06/2018
Use-after-free vulnerability in Web Animations when interacting with cycle collection found through fuzzing. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2016-9064

Publication date:
11/06/2018
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2016-9065

Publication date:
11/06/2018
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2016-9066

Publication date:
11/06/2018
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2016-9067

Publication date:
11/06/2018
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2016-9068

Publication date:
11/06/2018
A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2016-9070

Publication date:
11/06/2018
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2016-9071

Publication date:
11/06/2018
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2016-9072

Publication date:
11/06/2018
When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2016-9073

Publication date:
11/06/2018
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2016-9074

Publication date:
11/06/2018
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026