Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2015-9325
Publication date:
16/08/2019
The visitors-online plugin before 0.4 for WordPress has SQL injection.
Severity CVSS v4.0: Pending analysis
Last modification:
21/08/2019

CVE-2019-15117
Publication date:
16/08/2019
parse_audio_mixer_unit in sound/usb/mixer.c in the Linux kernel through 5.2.9 mishandles a short descriptor, leading to out-of-bounds memory access.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2017-18548
Publication date:
16/08/2019
The note-press plugin before 0.1.2 for WordPress has SQL injection.
Severity CVSS v4.0: Pending analysis
Last modification:
16/08/2019

CVE-2019-14923
Publication date:
16/08/2019
EyesOfNetwork 5.1 allows Remote Command Execution via shell metacharacters in the module/tool_all/ host field.
Severity CVSS v4.0: Pending analysis
Last modification:
23/02/2021

CVE-2019-15091
Publication date:
16/08/2019
filemgr.php in Artica Integria IMS 5.0.86 allows index.php?sec=wiki&sec2=operation/wiki/wiki&action=upload arbitrary file upload.
Severity CVSS v4.0: Pending analysis
Last modification:
27/08/2019

CVE-2019-15108
Publication date:
16/08/2019
An issue was discovered in WSO2 API Manager 2.6.0 before WSO2-CARBON-PATCH-4.4.0-4457. There is XSS via a crafted filename to the file-upload feature of the event simulator component.
Severity CVSS v4.0: Pending analysis
Last modification:
03/03/2023

CVE-2018-20969
Publication date:
16/08/2019
do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
Severity CVSS v4.0: Pending analysis
Last modification:
05/09/2019

CVE-2016-10894
Publication date:
16/08/2019
xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger).
Severity CVSS v4.0: Pending analysis
Last modification:
31/03/2023

CVE-2019-15105
Publication date:
16/08/2019
An issue was discovered in Zoho ManageEngine Application Manager through 14.2. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2019

CVE-2019-15104
Publication date:
16/08/2019
An issue was discovered in Zoho ManageEngine OpManager through 12.4x. There is a SQL Injection vulnerability in jsp/NewThresholdConfiguration.jsp via the resourceid parameter. Therefore, a low-authority user can gain the authority of SYSTEM on the server. One can consequently upload a malicious file using the "Execute Program Action(s)" feature.
Severity CVSS v4.0: Pending analysis
Last modification:
26/08/2019

CVE-2019-15106
Publication date:
16/08/2019
An issue was discovered in Zoho ManageEngine OpManager in builds before 14310. One can bypass the user password requirement and execute commands on the server. The "username+'@opm' string is used for the password. For example, if the username is admin, the password is admin@opm.
Severity CVSS v4.0: Pending analysis
Last modification:
24/08/2020

CVE-2019-15107
Publication date:
16/08/2019
An issue was discovered in Webmin
Severity CVSS v4.0: Pending analysis
Last modification:
06/11/2025
Subscribe to Vulnerabilities