Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-3169
Publication date:
23/07/2021
An issue in Jumpserver before 2.6.2, before 2.5.4, before 2.4.5 allows attackers to create a connection token through an API which does not have access control and use it to access sensitive assets.
Severity CVSS v4.0: Pending analysis
Last modification:
29/01/2024

CVE-2021-25809
Publication date:
23/07/2021
UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2022

CVE-2021-25808
Publication date:
23/07/2021
A code injection vulnerability in backup/plugin.php of Bludit 3.13.1 allows attackers to execute arbitrary code via a crafted ZIP file.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2021

CVE-2020-20741
Publication date:
23/07/2021
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect.
Severity CVSS v4.0: Pending analysis
Last modification:
09/08/2021

CVE-2021-25791
Publication date:
23/07/2021
Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.
Severity CVSS v4.0: Pending analysis
Last modification:
03/08/2021

CVE-2021-25790
Publication date:
23/07/2021
Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2021

CVE-2021-23412
Publication date:
23/07/2021
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2022

CVE-2021-3159
Publication date:
23/07/2021
A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file.
Severity CVSS v4.0: Pending analysis
Last modification:
02/08/2021

CVE-2021-25203
Publication date:
23/07/2021
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2021

CVE-2021-25204
Publication date:
23/07/2021
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2021

CVE-2021-25206
Publication date:
23/07/2021
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2021

CVE-2021-25208
Publication date:
23/07/2021
Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php.
Severity CVSS v4.0: Pending analysis
Last modification:
13/09/2021
Subscribe to Vulnerabilities