Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2007-1970

Publication date:

11/04/2007

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2026

CVE-2007-1971

Publication date:

11/04/2007

SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 2007 allows remote attackers to execute arbitrary SQL commands via the query string.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2026

CVE-2007-1944

Publication date:

11/04/2007

The Java Message Service (JMS) in IBM WebSphere Application Server (WAS) before 6.1.0.7 allows attackers to cause a denial of service via unknown vectors involving the "double release [of] a bytebuffer input stream," possibly a double free vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2026

CVE-2007-1955

Publication date:

11/04/2007

Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2026

CVE-2007-1941

Publication date:

11/04/2007

Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML via a multipart/related e-mail message, a different issue than CVE-2006-4843.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2026

CVE-2007-1940

Publication date:

11/04/2007

IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 logs passwords in plaintext, which allows local users to obtain sensitive information by reading (1) ncisetup.db or (2) msi.log.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2026

CVE-2007-1945

Publication date:

11/04/2007

Unspecified vulnerability in the Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) before 6.1.0.7 has unknown impact and attack vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2026

CVE-2007-1954

Publication date:

11/04/2007

Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .gz, (2) .jar, (3) .rar, (4) .tar.gz, (5) .zip, or (6) .tar file.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2026

CVE-2007-1942

Publication date:

11/04/2007

Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2026

CVE-2007-1943

Publication date:

11/04/2007

Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2026

CVE-2007-1946

Publication date:

11/04/2007

Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2026

CVE-2007-1947

Publication date:

11/04/2007

Cross-zone scripting vulnerability in the DOM templates (domplates) used by the console.log function in the Firebug extension before 1.04 for Mozilla Firefox allows remote attackers to bypass zone restrictions, read arbitrary file:// URIs, or execute arbitrary code in the browser chrome by overwriting the toString function via a certain function declaration, related to incorrect identification of anonymous JavaScript functions, a different issue than CVE-2007-1878.

Severity CVSS v4.0: Pending analysis

Last modification:

23/04/2026

Subscribe to Vulnerabilities