Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2018-17921

Publication date:
24/10/2018
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-17923

Publication date:
24/10/2018
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-13342

Publication date:
24/10/2018
The server API in the Anda app relies on hardcoded credentials.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-17903

Publication date:
24/10/2018
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-15750

Publication date:
24/10/2018
Directory Traversal vulnerability in salt-api in SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allows remote attackers to determine which files exist on the server.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-15751

Publication date:
24/10/2018
SaltStack Salt before 2017.7.8 and 2018.3.x before 2018.3.3 allow remote attackers to bypass authentication and execute arbitrary commands via salt-api(netapi).
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-18635

Publication date:
24/10/2018
www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-18636

Publication date:
24/10/2018
XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-18547

Publication date:
24/10/2018
Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-18548

Publication date:
24/10/2018
ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-9279

Publication date:
24/10/2018
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the user's password. The web page displayed by the appliance contains the password in cleartext. Passwords could be retrieved by browsing the source code of the webpage.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2018-9280

Publication date:
24/10/2018
An issue was discovered on Eaton UPS 9PX 8000 SP devices. The appliance discloses the SNMP version 3 user's password. The web page displayed by the appliance contains the password in cleartext. Passwords of the read and write users could be retrieved by browsing the source code of the webpage.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026