Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-15268

Publication date:

12/10/2017

Qemu through 2.10.0 allows remote attackers to cause a memory leak by triggering slow data-channel read operations, related to io/channel-websock.c.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-10863

Publication date:

12/10/2017

Untrusted search path vulnerability in HIBUN Confidential File Decryption program prior to 10.50.0.5 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Note this is a separate vulnerability from CVE-2017-10865.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-10864

Publication date:

12/10/2017

Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-10865

Publication date:

12/10/2017

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-10862

Publication date:

12/10/2017

jwt-scala 1.2.2 and earlier fails to verify token signatures correctly which may lead to an attacker being able to pass specially crafted JWT data as a correctly signed token.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-10857

Publication date:

12/10/2017

Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to bypass access restriction to perform arbitrary actions via "Cabinet" function.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-9514

Publication date:

12/10/2017

Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a REST endpoint that parsed a YAML file and did not sufficiently restrict which classes could be loaded. An attacker who can log in to Bamboo as a user is able to exploit this vulnerability to execute Java code of their choice on systems that have vulnerable versions of Bamboo.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-15286

Publication date:

12/10/2017

SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in shell.c because it fails to consider certain cases where `sqlite3_step(pStmt)==SQLITE_ROW` is false and a data structure is never initialized.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-15278

Publication date:

12/10/2017

Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-15279

Publication date:

12/10/2017

Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-15280

Publication date:

12/10/2017

XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 allows attackers to obtain sensitive information by reading files on the server or sending TCP requests to intranet hosts (aka SSRF), related to Umbraco.Web/umbraco.presentation/umbraco/dialogs/importDocumenttype.aspx.cs.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

CVE-2017-15285

Publication date:

12/10/2017

X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an "Add File Via URL" action, and change the image&#39;s Description URL to reference the .php URL in the attachments/ directory.

Severity CVSS v4.0: Pending analysis

Last modification:

13/05/2026

Subscribe to Vulnerabilities