Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2006-2547
Publication date:
23/05/2006
Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2006-2548
Publication date:
23/05/2006
Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2006-2550
Publication date:
23/05/2006
perlpodder before 0.5 allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, which are executed when saving the URL to a log file. NOTE: the wget vector is already covered by CVE-2006-2548.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2006-0747
Publication date:
23/05/2006
Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2006-2540
Publication date:
23/05/2006
Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2006-2541
Publication date:
23/05/2006
SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2006-1861
Publication date:
23/05/2006
Multiple integer overflows in FreeType before 2.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to (1) bdf/bdflib.c, (2) sfnt/ttcmap.c, (3) cff/cffgload.c, and (4) the read_lwfn function and a crafted LWFN file in base/ftmac.c. NOTE: item 4 was originally identified by CVE-2006-2493.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2006-2542
Publication date:
23/05/2006
xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumption).
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2006-2546
Publication date:
23/05/2006
A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2006-2529
Publication date:
22/05/2006
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2006-2530
Publication date:
22/05/2006
avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026

CVE-2006-2531
Publication date:
22/05/2006
Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2026
Subscribe to Vulnerabilities