Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-26437
Publication date:
15/09/2021
Visual Studio Code Spoofing Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
28/12/2023

CVE-2021-26435
Publication date:
15/09/2021
Windows Scripting Engine Memory Corruption Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
28/12/2023

CVE-2021-22149
Publication date:
15/09/2021
Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route. Using this vulnerability, an authenticated attacker could utilize API keys belonging to higher privileged users.
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2022

CVE-2021-22148
Publication date:
15/09/2021
Elastic Enterprise Search App Search versions before 7.14.0 was vulnerable to an issue where API keys were not bound to the same engines as their creator. This could lead to a less privileged user gaining access to unauthorized engines.
Severity CVSS v4.0: Pending analysis
Last modification:
18/10/2021

CVE-2020-35340
Publication date:
15/09/2021
A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read the file contents from files that the running ExpertPDF process has access to read.
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2021

CVE-2021-22147
Publication date:
15/09/2021
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots. This could lead to an authenticated user gaining access to information that they are unauthorized to view.
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2022

CVE-2021-3778
Publication date:
15/09/2021
vim is vulnerable to Heap-based Buffer Overflow
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2021-3777
Publication date:
15/09/2021
nodejs-tmpl is vulnerable to Inefficient Regular Expression Complexity
Severity CVSS v4.0: Pending analysis
Last modification:
29/07/2022

CVE-2021-3751
Publication date:
15/09/2021
libmobi is vulnerable to Out-of-bounds Write
Severity CVSS v4.0: Pending analysis
Last modification:
24/09/2021

CVE-2021-3706
Publication date:
15/09/2021
adminlte is vulnerable to Sensitive Cookie Without 'HttpOnly' Flag
Severity CVSS v4.0: Pending analysis
Last modification:
25/10/2022

CVE-2021-23029
Publication date:
14/09/2021
On version 16.0.x before 16.0.1.2, insufficient permission checks may allow authenticated users with guest privileges to perform Server-Side Request Forgery (SSRF) attacks through F5 Advanced Web Application Firewall (WAF) and the BIG-IP ASM Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
27/09/2021

CVE-2021-23027
Publication date:
14/09/2021
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Severity CVSS v4.0: Pending analysis
Last modification:
28/09/2021
Subscribe to Vulnerabilities