Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2018-10318

Publication date: 24/04/2018
Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata.
Severity CVSS v4.0: Pending analysis
Last modification: 16/05/2018

CVE-2018-10309

Publication date: 24/04/2018
The Responsive Cookie Consent plugin before 1.8 for WordPress mishandles number fields, leading to XSS.
Severity CVSS v4.0: Pending analysis
Last modification: 06/06/2018

CVE-2018-10316

Publication date: 24/04/2018
Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the assemble_file function of asm/nasm.c because of a globallineno integer overflow.
Severity CVSS v4.0: Pending analysis
Last modification: 13/07/2020

CVE-2018-10311

Publication date: 24/04/2018
A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the tag[pinyin] parameter to the /index.php?m=tags&f=index&v=add URI.
Severity CVSS v4.0: Pending analysis
Last modification: 05/05/2025

CVE-2018-10312

Publication date: 24/04/2018
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
Severity CVSS v4.0: Pending analysis
Last modification: 05/05/2025

CVE-2018-10313

Publication date: 24/04/2018
WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI.
Severity CVSS v4.0: Pending analysis
Last modification: 05/05/2025

CVE-2016-9599

Publication date: 24/04/2018
puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an access-control flaw in the IPtables rules management, which allowed the creation of TCP/UDP rules with empty port values. If SSL is enabled, a malicious user could use these open ports to gain access to unauthorized resources.
Severity CVSS v4.0: Pending analysis
Last modification: 04/08/2021

CVE-2016-9601

Publication date: 24/04/2018
ghostscript before version 9.21 is vulnerable to a heap based buffer overflow that was found in the ghostscript jbig2_decode_gray_scale_image function which is used to decode halftone segments in a JBIG2 image. A document (PostScript or PDF) with an embedded, specially crafted, jbig2 image could trigger a segmentation fault in ghostscript.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-6491

Publication date: 24/04/2018
Local Escalation of Privilege vulnerability to Micro Focus Universal CMDB, versions 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, 10.33, 11.00. The vulnerability could be remotely exploited to Local Escalation of Privilege.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2018-10303

Publication date: 23/04/2018
A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 allows remote attackers to execute arbitrary code, aka iDefense ID V-y0nqfutlf3.
Severity CVSS v4.0: Pending analysis
Last modification: 25/05/2018

CVE-2017-7893

Publication date: 23/04/2018
In SaltStack Salt before 2016.3.6, compromised salt-minions can impersonate the salt-master.
Severity CVSS v4.0: Pending analysis
Last modification: 03/10/2019

CVE-2018-1106

Publication date: 23/04/2018
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
Severity CVSS v4.0: Pending analysis
Last modification: 09/10/2019