Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2019-19664

Publication date:
10/02/2020
A CSRF vulnerability exists in the Web Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server Web settings at RAPR/WebSettingsGeneralSet.html.
Severity CVSS v4.0: Pending analysis
Last modification:
24/02/2020

CVE-2019-19662

Publication date:
10/02/2020
A CSRF vulnerability exists in the Web File Manager's Create/Delete Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can Create and Delete accounts via RAPR/TriggerServerFunction.html.
Severity CVSS v4.0: Pending analysis
Last modification:
24/02/2020

CVE-2013-2109

Publication date:
10/02/2020
WordPress plugin wp-cleanfix has Remote Code Execution
Severity CVSS v4.0: Pending analysis
Last modification:
24/02/2020

CVE-2013-2108

Publication date:
10/02/2020
WordPress WP Cleanfix Plugin 2.4.4 has CSRF
Severity CVSS v4.0: Pending analysis
Last modification:
18/02/2020

CVE-2019-19665

Publication date:
10/02/2020
A CSRF vulnerability exists in the FTP Settings of Web File Manager in Rumpus FTP 8.2.9.1. Exploitation of this vulnerability can result in manipulation of Server FTP settings at RAPR/FTPSettingsSet.html.
Severity CVSS v4.0: Pending analysis
Last modification:
11/02/2020

CVE-2019-19660

Publication date:
10/02/2020
A CSRF vulnerability exists in the Web File Manager's Network Setting functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can manipulate the SMTP setting and other network settings via RAPR/NetworkSettingsSet.html.
Severity CVSS v4.0: Pending analysis
Last modification:
11/02/2020

CVE-2020-8089

Publication date:
10/02/2020
Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2020

CVE-2019-19663

Publication date:
10/02/2020
A CSRF vulnerability exists in the Folder Sets Settings of Web File Manager in Rumpus FTP 8.2.9.1. This allows an attacker to Create/Delete Folders after exploiting it at RAPR/FolderSetsSet.html.
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2020

CVE-2019-19659

Publication date:
10/02/2020
A CSRF vulnerability exists in the Web File Manager's Edit Accounts functionality of Rumpus FTP Server 8.2.9.1. By exploiting it, an attacker can take over a user account by changing the password, update users' details, and escalate privileges via RAPR/DefineUsersSet.html.
Severity CVSS v4.0: Pending analysis
Last modification:
11/02/2020

CVE-2012-5828

Publication date:
10/02/2020
BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerability via a Web browser component error
Severity CVSS v4.0: Pending analysis
Last modification:
14/02/2020

CVE-2012-2204

Publication date:
10/02/2020
InfoSphere Guardium aix_ktap module: DoS
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2012-1994

Publication date:
10/02/2020
HP Systems Insight Manager before 7.0 allows a remote user on adjacent network to access information
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024