Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-33727
Publication date:
12/10/2021
A vulnerability has been identified in SINEC NMS (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
18/10/2021

CVE-2021-33723
Publication date:
12/10/2021
A vulnerability has been identified in SINEC NMS (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
27/10/2022

CVE-2021-42009
Publication date:
12/10/2021
An authenticated Apache Traffic Control Traffic Ops user with Portal-level privileges can send a request with a specially-crafted email subject to the /deliveryservices/request Traffic Ops endpoint to send an email, from the Traffic Ops server, with an arbitrary body to an arbitrary email address. Apache Traffic Control 5.1.x users should upgrade to 5.1.3 or 6.0.0. 4.1.x users should upgrade to 5.1.3.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-23448
Publication date:
11/10/2021
All versions of package config-handler are vulnerable to Prototype Pollution when loading config files.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2022

CVE-2021-42257
Publication date:
11/10/2021
check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2021-42260
Publication date:
11/10/2021
TinyXML through 2.6.2 has an infinite loop in TiXmlParsingData::Stamp in tinyxmlparser.cpp via the TIXML_UTF_LEAD_0 case. It can be triggered by a crafted XML message and leads to a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2021-40188
Publication date:
11/10/2021
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.
Severity CVSS v4.0: Pending analysis
Last modification:
18/10/2021

CVE-2020-27372
Publication date:
11/10/2021
A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function.
Severity CVSS v4.0: Pending analysis
Last modification:
18/10/2021

CVE-2021-40189
Publication date:
11/10/2021
PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2021

CVE-2021-40617
Publication date:
11/10/2021
An SQL Injection vulnerability exists in openSIS Community Edition version 8.0 via ForgotPassUserName.php.
Severity CVSS v4.0: Pending analysis
Last modification:
16/04/2025

CVE-2021-40239
Publication date:
11/10/2021
A Buffer Overflow vulnerability exists in the latest version of Miniftpd in the do_retr function in ftpproto.c
Severity CVSS v4.0: Pending analysis
Last modification:
19/10/2021

CVE-2021-25738
Publication date:
11/10/2021
Loading specially-crafted yaml with the Kubernetes Java Client library can lead to code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
28/10/2022
Subscribe to Vulnerabilities