Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to users interested in this information. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database). Under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: different criteria can be selected to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2017-1000129

Publication date: 17/11/2017
Serendipity 2.0.3 is vulnerable to a SQL injection in the blog component resulting in information disclosure
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-1000164

Publication date: 17/11/2017
Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting in code execution and privilege escalation
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-1000223

Publication date: 17/11/2017
A stored web content injection vulnerability (WCI, a.k.a. XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-1000225

Publication date: 17/11/2017
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow an unauthenticated attacker to do almost anything an admin can
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-1000158

Publication date: 17/11/2017
CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in heap-based buffer overflow (and possible arbitrary code execution)
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-1000160

Publication date: 17/11/2017
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-1000229

Publication date: 17/11/2017
Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-1000226

Publication date: 17/11/2017
Stop User Enumeration 1.3.8 allows user enumeration via the REST API
Severity CVSS v4.0: Pending analysis
Last modification: 23/01/2026

CVE-2017-1000231

Publication date: 17/11/2017
A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-1000246

Publication date: 17/11/2017
Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-1000248

Publication date: 17/11/2017
Redis-store
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025

CVE-2017-1000247

Publication date: 17/11/2017
British Columbia Institute of Technology CodeIgniter 3.1.3 is vulnerable to HTTP Header Injection in the set_status_header() common function under Apache resulting in HTTP Header Injection flaws.
Severity CVSS v4.0: Pending analysis
Last modification: 20/04/2025