Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2015-4678

Publication date:

19/06/2015

SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-4679

Publication date:

19/06/2015

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-4677

Publication date:

19/06/2015

Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka Fiverr Script) 7.2 allows remote attackers to hijack the authentication of administrators for requests that create a new admin via a request to administrator/admins_create.php.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-4676

Publication date:

19/06/2015

SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-4675

Publication date:

19/06/2015

Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted size value for the username field.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-4641

Publication date:

19/06/2015

Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. (dot dot) in an entry in a ZIP archive, as demonstrated by a traversal to the /data/dalvik-cache directory.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-2865

Publication date:

19/06/2015

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-4640, CVE-2015-4641. Reason: this ID was intended for one issue, but was associated with two issues. Notes: All CVE users should consult CVE-2015-4640 and CVE-2015-4641 to identify the ID or IDs of interest. All references and descriptions in this candidate have been removed to prevent accidental usage

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2015-4640

Publication date:

19/06/2015

The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. NOTE: CVE-2015-4640 exploitation can be combined with CVE-2015-4641 exploitation for man-in-the-middle code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-2797

Publication date:

19/06/2015

Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-4194

Publication date:

19/06/2015

The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025

CVE-2015-4195

Publication date:

19/06/2015

Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul63127.

Severity CVSS v4.0: Pending analysis

Last modification:

12/04/2025