Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2012-2368
Publication date:
13/08/2012
Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2011-0523
Publication date:
13/08/2012
gypsy 0.8 does not properly restrict the files that can be read while running with root privileges, which allows local users to read otherwise restricted files via unspecified vectors.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2011-0524
Publication date:
13/08/2012
Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 allow local users to cause a denial of service (crash) via unspecified vectors related to the sprintf function.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2009-5066
Publication date:
13/08/2012
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2012-4259
Publication date:
13/08/2012
Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HTML via the company name. NOTE: some of these details are obtained from third party information.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2012-4260
Publication date:
13/08/2012
Multiple SQL injection vulnerabilities in myCare2x allow remote attackers to execute arbitrary SQL commands via the (1) aktion or (2) callurl parameter to modules/patient/mycare2x_pat_info.php; (3) dept_nr or (4) pid parameter to modules/importer/mycare2x_importer.php; (5) myOpsEintrag or (6) keyword parameter in a Suchen action to modules/drg/mycare2x_proc_search.php; or (7) name_last or (8) pid parameter to modules/patient/mycare_pid.php.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2012-4261
Publication date:
13/08/2012
SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2012-4262
Publication date:
13/08/2012
Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2012-4258
Publication date:
13/08/2012
Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2012-4255
Publication date:
13/08/2012
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2012-4251
Publication date:
13/08/2012
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to install.php, (3) tablename or (4) dbid parameter to sql.php, or (5) filename parameter to restore.php in learn/cubemail/.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026

CVE-2012-4252
Publication date:
13/08/2012
Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restriction via a deletehtaccess action, (2) drop a database via a kill value in a db action, (3) uninstall the application via a 101 value in the phase parameter to learn/cubemail/install.php, (4) delete config.php via a 2 value in the phase parameter to learn/cubemail/install.php, (5) change a password via a schutz action, or (6) execute arbitrary SQL commands via the sql_statement parameter to learn/cubemail/sql.php.
Severity CVSS v4.0: Pending analysis
Last modification:
29/04/2026
Subscribe to Vulnerabilities