Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-41533
Publication date:
28/09/2021
A vulnerability has been identified in NX 1980 Series (All versions
Severity CVSS v4.0: Pending analysis
Last modification:
28/11/2021

CVE-2021-33600
Publication date:
28/09/2021
A denial-of-service (DoS) vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. The vulnerability occurs because of an attacker can trigger assertion via malformed HTTP packet to web interface. An unauthenticated attacker could exploit this vulnerability by sending a large username parameter. A successful exploitation could lead to a denial-of-service of the product.
Severity CVSS v4.0: Pending analysis
Last modification:
08/10/2021

CVE-2021-33601
Publication date:
28/09/2021
A vulnerability was discovered in the web user interface of F-Secure Internet Gatekeeper. An authenticated user can modify settings through the web user interface in a way that could lead to an arbitrary code execution on the F-Secure Internet Gatekeeper server.
Severity CVSS v4.0: Pending analysis
Last modification:
08/10/2021

CVE-2021-36165
Publication date:
28/09/2021
RICON Industrial Cellular Router S9922L 16.10.3(3794) is affected by cleartext storage of sensitive information and sends username and password as base64.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2020-20691
Publication date:
27/09/2021
An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via bypassing the file extension filter and uploading crafted HTML files.
Severity CVSS v4.0: Pending analysis
Last modification:
08/10/2021

CVE-2020-20692
Publication date:
27/09/2021
GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerability via the $_GET parameter in /src/core/controllers/cm.php.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2021

CVE-2020-20695
Publication date:
27/09/2021
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2021

CVE-2020-20693
Publication date:
27/09/2021
A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenticated attackers to arbitrarily add administrator accounts.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2021

CVE-2020-20696
Publication date:
27/09/2021
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2021

CVE-2020-24930
Publication date:
27/09/2021
Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files.
Severity CVSS v4.0: Pending analysis
Last modification:
06/10/2021

CVE-2021-37270
Publication date:
27/09/2021
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.
Severity CVSS v4.0: Pending analysis
Last modification:
06/10/2021

CVE-2021-37274
Publication date:
27/09/2021
Kingdee KIS Professional Edition has a privilege escalation vulnerability. Attackers can use the vulnerability to gain computer administrator rights via unspecified loopholes.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022
Subscribe to Vulnerabilities