Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2010-1327
Publication date:
06/07/2010
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2010-1328
Publication date:
06/07/2010
Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2010-2483
Publication date:
06/07/2010
The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a TIFF file with an invalid combination of SamplesPerPixel and Photometric values.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2010-2481
Publication date:
06/07/2010
The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly handle unknown tag types in TIFF directory entries, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF file.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2010-2482
Publication date:
06/07/2010
LibTIFF 3.9.4 and earlier does not properly handle an invalid td_stripbytecount field, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted TIFF file, a different vulnerability than CVE-2010-2443.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2010-2621
Publication date:
02/07/2010
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2010-2622
Publication date:
02/07/2010
SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2010-2623
Publication date:
02/07/2010
SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2010-2624
Publication date:
02/07/2010
Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2010-2626
Publication date:
02/07/2010
index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to execute arbitrary commands via shell metacharacters in the fn command. NOTE: some of these details are obtained from third party information.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2004-2769
Publication date:
02/07/2010
Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025

CVE-2010-2619
Publication date:
02/07/2010
Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."
Severity CVSS v4.0: Pending analysis
Last modification:
11/04/2025
Subscribe to Vulnerabilities