Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-5364
Publication date:
12/01/2018
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2018

CVE-2018-5365
Publication date:
12/01/2018
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show_selector] parameter to wp-admin/options.php.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2018

CVE-2018-5366
Publication date:
12/01/2018
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2018

CVE-2018-5368
Publication date:
12/01/2018
The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2018

CVE-2018-5369
Publication date:
12/01/2018
The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2018

CVE-2018-5372
Publication date:
12/01/2018
The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2018

CVE-2018-5371
Publication date:
12/01/2018
diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ME_1.00, and DSL-2540U devices with firmware ME_1.00, allows authenticated remote attackers to execute arbitrary OS commands via shell metacharacters in the ipaddr field of an HTTP GET request.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2024

CVE-2018-5357
Publication date:
12/01/2018
ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function in coders/dcm.c.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-5358
Publication date:
12/01/2018
ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2018-5344
Publication date:
12/01/2018
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-5361
Publication date:
12/01/2018
The WPGlobus plugin 1.9.6 for WordPress has CSRF via wp-admin/options.php.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2018-5326
Publication date:
12/01/2018
Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified "older" Android platforms, allows Same Origin Policy Bypass.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019
Subscribe to Vulnerabilities