Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2013-7479

Publication date:
22/08/2019
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.
Severity CVSS v4.0: Pending analysis
Last modification:
08/10/2024

CVE-2016-10917

Publication date:
22/08/2019
The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2019

CVE-2013-7481

Publication date:
22/08/2019
The contact-form-plugin plugin before 3.3.5 for WordPress has XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2019

CVE-2015-9335

Publication date:
22/08/2019
The limit-attempts plugin before 1.1.1 for WordPress has SQL injection during IP address handling.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2019

CVE-2015-9336

Publication date:
22/08/2019
The clean-login plugin before 1.5.1 for WordPress has reflected XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2019

CVE-2009-5158

Publication date:
22/08/2019
The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text.
Severity CVSS v4.0: Pending analysis
Last modification:
21/11/2024

CVE-2019-5638

Publication date:
21/08/2019
Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage.
Severity CVSS v4.0: Pending analysis
Last modification:
16/09/2024

CVE-2019-6177

Publication date:
21/08/2019
A vulnerability reported in Lenovo Solution Center version 03.12.003, which is no longer supported, could allow log files to be written to non-standard locations, potentially leading to privilege escalation. Lenovo ended support for Lenovo Solution Center and recommended that customers migrate to Lenovo Vantage or Lenovo Diagnostics in April 2018.
Severity CVSS v4.0: Pending analysis
Last modification:
14/10/2022

CVE-2019-13476

Publication date:
21/08/2019
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page.
Severity CVSS v4.0: Pending analysis
Last modification:
24/01/2023

CVE-2019-14686

Publication date:
21/08/2019
A DLL hijacking vulnerability exists in the Folder Shield component of Trend Micro Security's 2019 consumer family of products (v15) and in the standalone Trend Micro Ransom Buster (1.0) tool that, if exploited, would allow an attacker to load a malicious DLL, leading to elevated privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2019-11601

Publication date:
21/08/2019
A directory traversal vulnerability in remote access to backup & restore in versions earlier than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to write or delete files at any location.
Severity CVSS v4.0: Pending analysis
Last modification:
02/02/2023

CVE-2019-10687

Publication date:
21/08/2019
KBPublisher 6.0.2.1 has SQL Injection via the admin/index.php?module=report entry_id[0] parameter, the admin/index.php?module=log id parameter, or an index.php?View=print&id[]= request.
Severity CVSS v4.0: Pending analysis
Last modification:
27/08/2019