Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2017-16799
Publication date:
12/11/2017
In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16798
Publication date:
12/11/2017
In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16794
Publication date:
12/11/2017
The png_load function in lib/png.c in SWFTools 0.9.2 does not properly validate a multiplication of width and bits-per-pixel values, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an erroneous png_load call that occurs because of incorrect integer data types in png2swf.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16793
Publication date:
12/11/2017
The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not properly validate WAV data, which allows remote attackers to cause a denial of service (incorrect malloc and heap-based buffer overflow) or possibly have unspecified other impact via a crafted file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16520
Publication date:
11/11/2017
Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16784
Publication date:
10/11/2017
In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16785
Publication date:
10/11/2017
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16782
Publication date:
10/11/2017
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16780
Publication date:
10/11/2017
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16781
Publication date:
10/11/2017
The installer in MyBB before 1.8.13 has XSS.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16783
Publication date:
10/11/2017
In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025

CVE-2017-16765
Publication date:
10/11/2017
XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi.
Severity CVSS v4.0: Pending analysis
Last modification:
20/04/2025
Subscribe to Vulnerabilities