Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2011-5285

Publication date:

01/01/2015

Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 allow remote attackers to inject arbitrary web script or HTML via (1) the ActionType parameter to Bug.php, the ReportMode parameter to (2) Report.php or (3) ReportLeft.php, or the PATH_INFO to (4) AdminProjectList.php, (5) AdminGroupList.php, or (6) AdminUserLogList.php.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2014-9433

Publication date:

31/12/2014

Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2014-9432

Publication date:

31/12/2014

Multiple cross-site scripting (XSS) vulnerabilities in templates/2k11/admin/overview.inc.tpl in Serendipity before 2.0-rc2 allow remote attackers to inject arbitrary web script or HTML via a blog comment in the QUERY_STRING to serendipity/index.php.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2014-9431

Publication date:

31/12/2014

Multiple cross-site request forgery (CSRF) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to hijack the authentication of administrators for requests that change the (1) admin or (2) dial password via a request to httpd/cgi-bin/changepw.cgi.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2014-9430

Publication date:

31/12/2014

Cross-site scripting (XSS) vulnerability in httpd/cgi-bin/vpn.cgi/vpnconfig.dat in Smoothwall Express 3.0 SP3 allows remote attackers to inject arbitrary web script or HTML via the COMMENT parameter in an Add action.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2014-9429

Publication date:

31/12/2014

Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall Express 3.1 and 3.0 SP3 allow remote attackers to inject arbitrary web script or HTML via the (1) PROFILENAME parameter in a Save action to httpd/cgi-bin/pppsetup.cgi or (2) COMMENT parameter in an Add action to httpd/cgi-bin/ddns.cgi.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2014-9119

Publication date:

31/12/2014

Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2014-8145

Publication date:

31/12/2014

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2014-8144

Publication date:

31/12/2014

Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorization code via unknown vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2011-5284

Publication date:

31/12/2014

Cross-site request forgery (CSRF) vulnerability in the web management interface in httpd/cgi-bin/shutdown.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to hijack the authentication of administrators for requests that perform a reboot via a request to cgi-bin/shutdown.cgi.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2011-5283

Publication date:

31/12/2014

Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2014-9401

Publication date:

31/12/2014

Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts Automatically plugin 0.7 and earlier for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the lpa_post_letters parameter in the wp-limit-posts-automatically.php page to wp-admin/options-general.php.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

Subscribe to Vulnerabilities