Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2012-1646

Publication date:

25/09/2012

Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via the (1) title parameter in faq.admin.inc or (2) detailed_question parameter in faq.module.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-0974

Publication date:

25/09/2012

Multiple cross-site scripting (XSS) vulnerabilities in the getParam function in oc-includes/osclass/core/Params.php in OSClass before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sCity, (2) sPattern, (3) sPriceMax, and (4) sPriceMin parameters in a search action to index.php.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-1293

Publication date:

25/09/2012

Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams&#39; Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-0973

Publication date:

25/09/2012

Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-1103

Publication date:

25/09/2012

emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-0869

Publication date:

25/09/2012

Cross-site scripting (XSS) vulnerability in fup in Frams&#39; Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2011-4623

Publication date:

25/09/2012

Integer overflow in the rsCStrExtendBuf function in runtime/stringbuf.c in the imfile module in rsyslog 4.x before 4.6.6, 5.x before 5.7.4, and 6.x before 6.1.4 allows local users to cause a denial of service (daemon hang) via a large file, which triggers a heap-based buffer overflow.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-5159

Publication date:

25/09/2012

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an externally introduced modification (Trojan Horse) in server_sync.php, which allows remote attackers to execute arbitrary PHP code via an eval injection attack.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-0209

Publication date:

25/09/2012

Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail Edition 1.2.10, as distributed by FTP between November 2011 and February 2012, contains an externally introduced modification (Trojan Horse) in templates/javascript/open_calendar.js, which allows remote attackers to execute arbitrary PHP code.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3300

Publication date:

25/09/2012

IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3304

Publication date:

25/09/2012

The Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hijack sessions via unspecified vectors.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

CVE-2012-3305

Publication date:

25/09/2012

Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file.

Severity CVSS v4.0: Pending analysis

Last modification:

11/04/2025

Subscribe to Vulnerabilities