Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2013-3196

Publication date:

14/08/2013

The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly validate kernel-memory addresses, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3197 and CVE-2013-3198.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2013-3197

Publication date:

14/08/2013

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2013-3198

Publication date:

14/08/2013

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2013-3185

Publication date:

14/08/2013

Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 on Windows Server 2003 R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 allows remote attackers to obtain sensitive information about the service account, and possibly conduct account-lockout attacks, by connecting to an endpoint, aka "AD FS Information Disclosure Vulnerability."

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2011-4718

Publication date:

13/08/2013

Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2013-2790

Publication date:

13/08/2013

The master-station DNP3 driver before driver19.exe, and Beta2041.exe, in IOServer allows remote attackers to cause a denial of service (infinite loop) via crafted DNP3 packets to TCP port 20000.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2013-3464

Publication date:

13/08/2013

Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C sequence, aka Bug ID CSCui60347.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2013-4806

Publication date:

12/08/2013

The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possibility of duplicate Link State ID values in Link State Advertisement (LSA) packets before performing operations on the LSA database, which allows remote authenticated users to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2013-3455

Publication date:

12/08/2013

Cisco Finesse allows remote attackers to obtain sensitive information by sniffing the network for HTTP query data, aka Bug ID CSCug16732.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2013-3457

Publication date:

12/08/2013

Absolute path traversal vulnerability in the web interface in Cisco Finesse allows remote attackers to read directory contents via a direct request to a directory URL, aka Bug ID CSCug16772.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2013-0492

Publication date:

09/08/2013

Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin Tool (OAT) 2.x and 3.x before 3.11.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

CVE-2013-0494

Publication date:

09/08/2013

IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted HTTP (1) Range or (2) Request-Range header.

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2026

Subscribe to Vulnerabilities