Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-16630

Publication date:
28/12/2018
Kirby v2.5.12 allows XSS by using the "site files" Add option to upload an SVG file.
Severity CVSS v4.0: Pending analysis
Last modification:
26/02/2019

CVE-2018-16632

Publication date:
28/12/2018
Mezzanine CMS v4.3.1 allows XSS via the /admin/blog/blogcategory/add/?_to_field=id&_popup=1 title parameter at admin/blog/blogpost/add/.
Severity CVSS v4.0: Pending analysis
Last modification:
26/02/2019

CVE-2018-16637

Publication date:
28/12/2018
Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI.
Severity CVSS v4.0: Pending analysis
Last modification:
26/02/2019

CVE-2018-16638

Publication date:
28/12/2018
Evolution CMS 1.4.x allows XSS via the manager/ search parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
26/02/2019

CVE-2018-18696

Publication date:
28/12/2018
main.aspx in Microstrategy Analytics 10.4.0026.0049 and earlier has CSRF. NOTE: The vendor claims that documentation for preventing a CSRF attack has been provided (https://community.microstrategy.com/s/article/KB37643-New-security-feature-introduced-in-MicroStrategy-Web-9-0?language=en_US) and disagrees that this issue is a vulnerability. They also claim that MicroStrategy was never properly informed of this issue via normal support channels or their vulnerability reporting page on their website, so they were unable to evaluate the report or explain how this is something their customers view as a feature and not a security vulnerability.
Severity CVSS v4.0: Pending analysis
Last modification:
05/08/2024

CVE-2018-5204

Publication date:
28/12/2018
ML Report versions between 2.00.000.0000 and 2.18.628.5980 contain a vulnerability that could allow a remote attacker to download and execute an arbitrary remote file by setting the arguments to the ActiveX method. This can be leveraged for code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
11/02/2019

CVE-2018-7366

Publication date:
28/12/2018
The ZTE ZXV10 B860AV2.1 product, ChinaMobile branch, with the ICNT versions up to V1.3.3, the BESTV versions up to V1.2.2, the WASU versions up to V1.1.7 and the MGTV versions up to V1.4.6, has an authentication bypass vulnerability, which may allow an unauthorized user to perform unauthorized operations.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2019

CVE-2018-20569

Publication date:
28/12/2018
user/index.php in Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 allows SQL injection for authentication bypass.
Severity CVSS v4.0: Pending analysis
Last modification:
10/01/2019

CVE-2018-20571

Publication date:
28/12/2018
DamiCMS 6.0.1 allows remote attackers to read arbitrary files via a crafted admin.php?s=Tpl/Add/id request, as demonstrated by admin.php?s=Tpl/Add/id/.\Public\Config\config.ini.php to read the global configuration file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/01/2019

CVE-2018-20563

Publication date:
28/12/2018
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
04/01/2019

CVE-2018-20562

Publication date:
28/12/2018
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article_category.php?rec=update has XSS via the cat_name parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
04/01/2019

CVE-2018-20561

Publication date:
28/12/2018
An issue was discovered in DouCo DouPHP 1.5 20181221. admin/article.php?rec=update has XSS via the title parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
04/01/2019