Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-32561
Publication date:
11/05/2021
OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
26/05/2021

CVE-2021-21990
Publication date:
11/05/2021
VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contain a cross-site scripting vulnerability. VMware Workspace ONE UEM console does not validate incoming requests during device enrollment after leading to rendering of unsanitized input on the user device in response.
Severity CVSS v4.0: Pending analysis
Last modification:
05/06/2022

CVE-2021-31915
Publication date:
11/05/2021
In JetBrains TeamCity before 2020.2.4, OS command injection leading to remote code execution was possible.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2021

CVE-2021-31914
Publication date:
11/05/2021
In JetBrains TeamCity before 2020.2.4 on Windows, arbitrary code execution on TeamCity Server was possible.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2021

CVE-2021-31913
Publication date:
11/05/2021
In JetBrains TeamCity before 2020.2.3, insufficient checks of the redirect_uri were made during GitHub SSO token exchange.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2021

CVE-2021-31912
Publication date:
11/05/2021
In JetBrains TeamCity before 2020.2.3, account takeover was potentially possible during a password reset.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2021

CVE-2021-31910
Publication date:
11/05/2021
In JetBrains TeamCity before 2020.2.3, information disclosure via SSRF was possible.
Severity CVSS v4.0: Pending analysis
Last modification:
17/05/2021

CVE-2021-31911
Publication date:
11/05/2021
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
Severity CVSS v4.0: Pending analysis
Last modification:
14/05/2021

CVE-2021-30482
Publication date:
11/05/2021
In JetBrains UpSource before 2020.1.1883, application passwords were not revoked correctly
Severity CVSS v4.0: Pending analysis
Last modification:
20/05/2021

CVE-2021-31897
Publication date:
11/05/2021
In JetBrains WebStorm before 2021.1, code execution without user confirmation was possible for untrusted projects.
Severity CVSS v4.0: Pending analysis
Last modification:
19/05/2021

CVE-2021-31898
Publication date:
11/05/2021
In JetBrains WebStorm before 2021.1, HTTP requests were used instead of HTTPS.
Severity CVSS v4.0: Pending analysis
Last modification:
08/08/2023

CVE-2020-35438
Publication date:
11/05/2021
Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2023
Subscribe to Vulnerabilities