Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-39333
Publication date:
01/11/2021
The Hashthemes Demo Importer Plugin
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2022

CVE-2021-31848
Publication date:
01/11/2021
Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.
Severity CVSS v4.0: Pending analysis
Last modification:
16/11/2023

CVE-2021-31849
Publication date:
01/11/2021
SQL injection vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker logged into ePO as an administrator to inject arbitrary SQL into the ePO database through the user management section of the DLP ePO extension.
Severity CVSS v4.0: Pending analysis
Last modification:
15/11/2023

CVE-2021-42917
Publication date:
01/11/2021
Buffer overflow vulnerability in Kodi xbmc up to 19.0, allows attackers to cause a denial of service due to improper length of values passed to istream.
Severity CVSS v4.0: Pending analysis
Last modification:
23/01/2024

CVE-2021-26740
Publication date:
01/11/2021
Arbitrary file upload vulnerability sysupload.php in millken doyocms 2.3 allows attackers to execute arbitrary code.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2021

CVE-2021-26739
Publication date:
01/11/2021
SQL Injection vulnerability in pay.php in millken doyocms 2.3, allows attackers to execute arbitrary code, via the attribute parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2021

CVE-2021-38847
Publication date:
01/11/2021
S-Cart v6.4.1 and below was discovered to contain an arbitrary file upload vulnerability in the Editor module on the Admin panel. This vulnerability allows attackers to execute arbitrary code via a crafted IMG file.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2021

CVE-2021-29213
Publication date:
01/11/2021
A potential local bypass of security restrictions vulnerability has been identified in HPE ProLiant DL20 Gen10, HPE ProLiant ML30 Gen10, and HPE ProLiant MicroServer Gen10 Plus server's system ROMs prior to version 2.52. The vulnerability could be locally exploited to cause disclosure of sensitive information, denial of service (DoS), and/or compromise system integrity.
Severity CVSS v4.0: Pending analysis
Last modification:
02/11/2021

CVE-2021-27005
Publication date:
01/11/2021
Clustered Data ONTAP versions 9.6 and higher prior to 9.6P16, 9.7P16, 9.8P7 and 9.9.1P3 are susceptible to a vulnerability which could allow a remote attacker to cause a crash of the httpd server.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-3440
Publication date:
01/11/2021
HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-3704
Publication date:
01/11/2021
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow a Denial of Service on the device.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2021-3705
Publication date:
01/11/2021
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that may allow an unauthorized user to reconfigure, reset the device.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022
Subscribe to Vulnerabilities