Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database), by virtue of a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, because entries are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-42699

Publication date:
05/11/2021
The affected product is vulnerable to cookie information being transmitted as cleartext over HTTP. An attacker can capture network traffic, obtain the user’s cookie and take over the account.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2021

CVE-2021-42701

Publication date:
05/11/2021
An attacker could prepare a specially crafted project file that, if opened, would attempt to connect to the cloud and trigger a man in the middle (MiTM) attack. This could allow an attacker to obtain credentials and take over the user’s cloud account.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2021

CVE-2021-3927

Publication date:
05/11/2021
vim is vulnerable to Heap-based Buffer Overflow
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-3928

Publication date:
05/11/2021
vim is vulnerable to Use of Uninitialized Variable
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-39412

Publication date:
05/11/2021
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php, and the (3) PHP_SELF parameter in captcha/index.php.
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2021

CVE-2021-39411

Publication date:
05/11/2021
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.
Severity CVSS v4.0: Pending analysis
Last modification:
14/11/2023

CVE-2021-3924

Publication date:
05/11/2021
grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2021

CVE-2021-3916

Publication date:
05/11/2021
bookstack is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Severity CVSS v4.0: Pending analysis
Last modification:
09/11/2021

CVE-2021-42671

Publication date:
05/11/2021
An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-42670

Publication date:
05/11/2021
A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.
Severity CVSS v4.0: Pending analysis
Last modification:
17/11/2021

CVE-2021-42667

Publication date:
05/11/2021
A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.
Severity CVSS v4.0: Pending analysis
Last modification:
28/11/2021

CVE-2021-42669

Publication date:
05/11/2021
A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar is uploaded, it is stored in the /admin/uploads/ directory and is accessible by all users. By uploading a php webshell containing "" the attacker can execute commands on the web server with - /admin/uploads/php-webshell?cmd=id.
Severity CVSS v4.0: Pending analysis
Last modification:
29/11/2021