Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-7421

Publication date:

21/03/2019

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL.

Severity CVSS v4.0: Pending analysis

Last modification:

25/03/2019

CVE-2019-7438

Publication date:

21/03/2019

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

26/04/2019

CVE-2019-7430

Publication date:

21/03/2019

PHP Scripts Mall Image Sharing Script 1.3.4 has HTML injection via the Search Bar.

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2019-7432

Publication date:

21/03/2019

PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section.

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2019-7435

Publication date:

21/03/2019

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the Search Form.

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2019-7439

Publication date:

21/03/2019

cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

24/08/2020

CVE-2019-7441

Publication date:

21/03/2019

cgi-bin/webscr?cmd=_cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter (such as amount_1), as demonstrated by purchasing an item for lower than the intended price. NOTE: The plugin author states it is true that the amount can be manipulated in the PayPal payment flow. However, the amount is validated against the WooCommerce order total before completing the order, and if it doesn’t match then the order will be left in an “On Hold” state

Severity CVSS v4.0: Pending analysis

Last modification:

04/08/2024

CVE-2019-7425

Publication date:

21/03/2019

XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/linkdownalertConfig.jsp" file in the task parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

30/10/2019

CVE-2019-7429

Publication date:

21/03/2019

PHP Scripts Mall Property Rental Software 2.1.4 has directory traversal via a direct request for a listing of an uploads directory such as the wp-content/uploads/2016/08 directory.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021