Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are available, with criteria such as vulnerability type, manufacturer and impact level, among others, to narrow down the results.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-40171

Publication date:
15/12/2021
The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system.
Severity CVSS v4.0: Pending analysis
Last modification:
28/09/2023

CVE-2021-43113

Publication date:
15/12/2021
iTextPDF in iText 7 and up to (excluding 4.4.13.3) 7.1.17 allows command injection via a CompareTool filename that is mishandled on the gs (aka Ghostscript) command line in GhostscriptHelper.java.
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2026

CVE-2021-26787

Publication date:
15/12/2021
A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-36450

Publication date:
15/12/2021
Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-41871

Publication date:
15/12/2021
An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper validation of input into the username field makes it possible to place a stored XSS payload. This is executed if an administrator views the System Event Log.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2021

CVE-2021-41870

Publication date:
15/12/2021
An issue was discovered in the firmware update form in Socomec REMOTE VIEW PRO 2.0.41.4. An authenticated attacker can bypass a client-side file-type check and upload arbitrary .php files.
Severity CVSS v4.0: Pending analysis
Last modification:
17/12/2021

CVE-2021-41844

Publication date:
15/12/2021
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2021-4110

Publication date:
15/12/2021
mruby is vulnerable to NULL Pointer Dereference.
Severity CVSS v4.0: Pending analysis
Last modification:
15/12/2021

CVE-2021-43827

Publication date:
14/12/2021
discourse-footnote is a library providing footnotes for posts in Discourse. Impact: when posting an inline footnote wrapped in `` tags (e.g. `^[footnote]`), the resulting rendered HTML would include a nested ``, which is stripped by Nokogiri because it is not valid. This then caused a JavaScript error on topic pages because we were looking for an `` element inside the footnote reference span and getting its ID, and because it did not exist we got a null reference error in JavaScript. Users are advised to update to version 0.2. As a workaround, editing offending posts from the rails console or the database console, for self-hosters, or disabling the plugin in the admin panel can mitigate this issue.
Severity CVSS v4.0: Pending analysis
Last modification:
29/12/2021

CVE-2021-44942

Publication date:
14/12/2021
glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. By using the CSRF vulnerability to trick the administrator into clicking, an attacker can add a blacklist.
Severity CVSS v4.0: Pending analysis
Last modification:
15/12/2021

CVE-2021-34426

Publication date:
14/12/2021
A vulnerability was discovered in the Keybase Client for Windows before version 5.6.0 when a user executed the "keybase git lfs-config" command on the command-line. In versions prior to 5.6.0, a malicious actor with write access to a user's Git repository could leverage this vulnerability to potentially execute arbitrary Windows commands on a user's local system.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2022

CVE-2021-34425

Publication date:
14/12/2021
The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contains a server side request forgery vulnerability in the chat's "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat's "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly.
Severity CVSS v4.0: Pending analysis
Last modification:
12/04/2022