Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-37189
Publication date:
11/02/2026
TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash.
Severity CVSS v4.0: MEDIUM
Last modification:
12/02/2026

CVE-2020-37179
Publication date:
11/02/2026
APKF Product Key Finder 2.5.8.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character payload and paste it into the registration name field to trigger an application crash.
Severity CVSS v4.0: MEDIUM
Last modification:
12/02/2026

CVE-2020-37180
Publication date:
11/02/2026
GTalk Password Finder 2.2.1 contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character payload and paste it into the 'Key' field to trigger an application crash.
Severity CVSS v4.0: MEDIUM
Last modification:
12/02/2026

CVE-2020-37181
Publication date:
11/02/2026
Torrent FLV Converter 1.51 Build 117 contains a stack overflow vulnerability that allows attackers to overwrite Structured Exception Handler (SEH) through a malicious registration code input. Attackers can craft a payload with specific offsets and partial SEH overwrite techniques to potentially execute arbitrary code on vulnerable Windows 32-bit systems.
Severity CVSS v4.0: MEDIUM
Last modification:
12/02/2026

CVE-2020-37182
Publication date:
11/02/2026
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in program termination.
Severity CVSS v4.0: HIGH
Last modification:
12/02/2026

CVE-2020-37183
Publication date:
11/02/2026
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload in the License Name input field to trigger a buffer overflow and execute system commands like calc.exe.
Severity CVSS v4.0: HIGH
Last modification:
12/02/2026

CVE-2020-37173
Publication date:
11/02/2026
AVideo Platform 8.1 contains an information disclosure vulnerability that allows attackers to enumerate user details through the playlistsFromUser.json.php endpoint. Attackers can retrieve sensitive user information including email, password hash, and administrative status by manipulating the users_id parameter.
Severity CVSS v4.0: HIGH
Last modification:
18/02/2026

CVE-2020-37175
Publication date:
11/02/2026
P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices.
Severity CVSS v4.0: MEDIUM
Last modification:
12/02/2026

CVE-2020-37176
Publication date:
11/02/2026
Torrent 3GP Converter 1.51 contains a stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) registers. Attackers can craft a malicious payload targeting the application's registration dialog to trigger code execution and open the calculator through carefully constructed buffer overflow techniques.
Severity CVSS v4.0: HIGH
Last modification:
12/02/2026

CVE-2020-37177
Publication date:
11/02/2026
BOOTP Turbo 2.0 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Structured Exception Handler (SEH). Attackers can generate a malicious payload of 2196 bytes with specific byte patterns to trigger an application crash and corrupt the SEH chain.
Severity CVSS v4.0: MEDIUM
Last modification:
12/02/2026

CVE-2020-37178
Publication date:
11/02/2026
KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash.
Severity CVSS v4.0: MEDIUM
Last modification:
12/02/2026

CVE-2020-37172
Publication date:
11/02/2026
AVideo Platform 8.1 contains a cross-site request forgery vulnerability that allows attackers to reset user passwords by exploiting the password recovery mechanism. Attackers can craft malicious requests to the recoverPass endpoint using the user's recovery token to change account credentials without authentication.
Severity CVSS v4.0: HIGH
Last modification:
18/02/2026
Subscribe to Vulnerabilities