Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-11532
Publication date:
29/05/2018
An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field.
Severity CVSS v4.0: Pending analysis
Last modification:
29/06/2018

CVE-2018-11523
Publication date:
29/05/2018
upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files.
Severity CVSS v4.0: Pending analysis
Last modification:
29/06/2018

CVE-2018-11531
Publication date:
29/05/2018
Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-11536
Publication date:
29/05/2018
md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-11528
Publication date:
29/05/2018
WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.
Severity CVSS v4.0: Pending analysis
Last modification:
05/05/2025

CVE-2018-10732
Publication date:
28/05/2018
The REST API in Dataiku DSS before 4.2.3 allows remote attackers to obtain sensitive information (i.e., determine if a username is valid) because of profile pictures visibility.
Severity CVSS v4.0: Pending analysis
Last modification:
02/07/2018

CVE-2018-11430
Publication date:
28/05/2018
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2018

CVE-2018-11309
Publication date:
28/05/2018
Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admin-ajax.php request.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2018

CVE-2018-11517
Publication date:
28/05/2018
mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010.
Severity CVSS v4.0: Pending analysis
Last modification:
29/06/2018

CVE-2018-11516
Publication date:
28/05/2018
The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted .swf file.
Severity CVSS v4.0: Pending analysis
Last modification:
03/03/2023

CVE-2018-11515
Publication date:
28/05/2018
The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2018

CVE-2018-11514
Publication date:
28/05/2018
PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2018
Subscribe to Vulnerabilities