Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2017-1000491

Publication date:
03/01/2018
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2018

CVE-2017-1000466

Publication date:
03/01/2018
Invoice Ninja version 3.8.1 is vulnerable to a stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of JavaScript code.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2018

CVE-2017-1000492

Publication date:
03/01/2018
Leanote-desktop version v2.5 is vulnerable to an XSS which leads to code execution due to enabled node integration.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2018

CVE-2017-1000493

Publication date:
03/01/2018
Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrator account takeover.
Severity CVSS v4.0: Pending analysis
Last modification:
01/05/2019

CVE-2017-1000459

Publication date:
03/01/2018
Leanote version
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2018

CVE-2017-1000463

Publication date:
03/01/2018
Leafpub version 1.2.0-beta6 is vulnerable to a stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of JavaScript code.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2018

CVE-2017-1000437

Publication date:
02/01/2018
Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
16/01/2018

CVE-2017-1000432

Publication date:
02/01/2018
Vanilla Forums below 2.1.5 are affected by CSRF leading to deleting topics and comments from forums Admin access.
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2018

CVE-2017-1000434

Publication date:
02/01/2018
WordPress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect. The furikake-redirect parameter on a page allows for a redirect to an attacker controlled page. classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect']));
Severity CVSS v4.0: Pending analysis
Last modification:
17/01/2018

CVE-2017-1000425

Publication date:
02/01/2018
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
29/03/2018

CVE-2017-1000438

Publication date:
02/01/2018
In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.
Severity CVSS v4.0: Pending analysis
Last modification:
03/10/2019

CVE-2017-1000427

Publication date:
02/01/2018
marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023