Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2012-6635

Publication date:

21/01/2014

wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by visiting a draft.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2014-0753

Publication date:

21/01/2014

Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2013-4030

Publication date:

21/01/2014

Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack against (1) SSL or (2) TLS traffic.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2013-5429

Publication date:

21/01/2014

The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.2 before FP9 does not prevent reuse of One Time Password (OTP) tokens, which makes it easier for remote authenticated users to complete transactions by leveraging access to an already-used token.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2013-6040

Publication date:

21/01/2014

MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 vulnerable to arbitrary code via a crafted HTML document. Latest versions (4.0) of MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2014-0009

Publication date:

20/01/2014

course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2014-0010

Publication date:

20/01/2014

Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2014-0008

Publication date:

20/01/2014

lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2013-6488

Publication date:

20/01/2014

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0328. Reason: This candidate is a reservation duplicate of CVE-2013-0328. Notes: All CVE users should reference CVE-2013-0328 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2013-2169

Publication date:

20/01/2014

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2013-2170

Publication date:

20/01/2014

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2013-3594

Publication date:

20/01/2014

The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device reset) or possibly execute arbitrary code by sending many packets to TCP port 22.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

Subscribe to Vulnerabilities