Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-26608

Publication date:

09/09/2021

An arbitrary file download and execution vulnerability was found in the HShell.dll of handysoft Co., Ltd groupware ActiveX module. This issue is due to missing support for integrity check of download URL or downloaded file hash.

Severity CVSS v4.0: Pending analysis

Last modification:

02/08/2022

CVE-2020-7874

Publication date:

09/09/2021

Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension.

Severity CVSS v4.0: Pending analysis

Last modification:

22/09/2021

CVE-2021-28493

Publication date:

09/09/2021

In Arista&#39;s MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, a user may be able to execute commands despite not having the privileges to do so. This issue affects: Arista Metamako Operating System All releases in the MOS-0.1x train MOS-0.32.0 and prior releases

Severity CVSS v4.0: Pending analysis

Last modification:

22/09/2021

CVE-2020-7873

Publication date:

09/09/2021

Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution.

Severity CVSS v4.0: Pending analysis

Last modification:

22/09/2021

CVE-2021-40222

Publication date:

09/09/2021

Rittal CMC PU III Web management Version affected: V3.11.00_2. Version fixed: V3.17.10 is affected by a remote code execution vulnerablity. It is possible to introduce shell code to create a reverse shell in the PU-Hostname field of the TCP/IP Configuration dialog. Web application fails to sanitize user input on Network TCP/IP configuration page. This allows the attacker to inject commands as root on the device which will be executed once the data is received.

Severity CVSS v4.0: Pending analysis

Last modification:

22/09/2021

CVE-2021-40223

Publication date:

09/09/2021

Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging filter dialog). This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts). The XSS payload will be triggered when the user accesses some specific sections of the application.

Severity CVSS v4.0: Pending analysis

Last modification:

22/09/2021

CVE-2021-39459

Publication date:

09/09/2021

Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.

Severity CVSS v4.0: Pending analysis

Last modification:

31/03/2022

CVE-2021-39458

Publication date:

09/09/2021

Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.

Severity CVSS v4.0: Pending analysis

Last modification:

12/07/2022

CVE-2021-38408

Publication date:

09/09/2021

A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

Severity CVSS v4.0: Pending analysis

Last modification:

20/09/2021

CVE-2021-36871

Publication date:

09/09/2021

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps Pro premium plugin (versions &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title.

Severity CVSS v4.0: Pending analysis

Last modification:

23/05/2023

CVE-2021-36870

Publication date:

09/09/2021

Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions

Severity CVSS v4.0: Pending analysis

Last modification:

26/05/2023

CVE-2021-20118

Publication date:

09/09/2021

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.

Severity CVSS v4.0: Pending analysis

Last modification:

12/07/2022

Subscribe to Vulnerabilities