Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-16792
Publication date:
22/01/2020
Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.
Severity CVSS v4.0: Pending analysis
Last modification:
23/09/2022

CVE-2016-4761
Publication date:
22/01/2020
WebKitGTK+ before 2.14.0: A use-after-free vulnerability can allow remote attackers to cause a DoS
Severity CVSS v4.0: Pending analysis
Last modification:
10/07/2020

CVE-2012-4919
Publication date:
22/01/2020
Gallery Plugin1.4 for WordPress has a Remote File Include Vulnerability
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2019-5647
Publication date:
22/01/2020
The Chrome Plugin for Rapid7 AppSpider can incorrectly keep browser sessions active after recording a macro, even after a restart of the Chrome browser. This behavior could make future session hijacking attempts easier, since the user could believe a session was closed when it was not. This issue affects Rapid7 AppSpider version 3.8.213 and prior versions, and is fixed in version 3.8.215.
Severity CVSS v4.0: Pending analysis
Last modification:
30/01/2020

CVE-2011-3612
Publication date:
22/01/2020
Cross-Site Request Forgery (CSRF) vulnerability exists in panel.php in UseBB before 1.0.12.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2011-3613
Publication date:
22/01/2020
An issue exists in Vanilla Forums before 2.0.17.9 due to the way cookies are handled.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2011-3614
Publication date:
22/01/2020
An Access Control vulnerability exists in the Facebook, Twitter, and Embedded plugins in Vanilla Forums before 2.0.17.9.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2011-3621
Publication date:
22/01/2020
A reverse proxy issue exists in FluxBB before 1.4.7 when FORUM_BEHIND_REVERSE_PROXY is enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2019-6146
Publication date:
22/01/2020
It has been reported that cross-site scripting (XSS) is possible in Forcepoint Web Security, version 8.x, via host header injection. CVSSv3.0: 5.3 (Medium) (/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Severity CVSS v4.0: Pending analysis
Last modification:
18/04/2022

CVE-2020-7109
Publication date:
22/01/2020
The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation of a new template.
Severity CVSS v4.0: Pending analysis
Last modification:
26/05/2023

CVE-2011-3611
Publication date:
22/01/2020
A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2011-3595
Publication date:
22/01/2020
Multiple Cross-site Scripting (XSS) vulnerabilities exist in Joomla! through 1.7.0 in index.php in the search word, extension, asset, and author parameters.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024
Subscribe to Vulnerabilities