Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-25117
Publication date:
03/09/2020
The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2020

CVE-2020-25116
Publication date:
03/09/2020
The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2020

CVE-2020-25115
Publication date:
03/09/2020
The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Field Manager.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2020

CVE-2020-25121
Publication date:
03/09/2020
The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the Options.
Severity CVSS v4.0: Pending analysis
Last modification:
04/09/2020

CVE-2020-24193
Publication date:
03/09/2020
A SQL injection vulnerability in login in Sourcecodetester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
10/09/2020

CVE-2020-14373
Publication date:
03/09/2020
A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of ghostscript-9.25. A local attacker could supply a specially crafted PDF file to cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-10720
Publication date:
03/09/2020
A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allows an attacker with local access to crash the system.
Severity CVSS v4.0: Pending analysis
Last modification:
10/09/2020

CVE-2020-11579
Publication date:
03/09/2020
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
03/02/2023

CVE-2020-24158
Publication date:
03/09/2020
360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code. It is a dual-core browser owned by Beijing Qihoo Technology.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-24159
Publication date:
03/09/2020
NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to gain server permissions. This affects Guangzhou NetEase Youdao Dictionary 8.9.2.0.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-24160
Publication date:
03/09/2020
Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be exploited by attackers to execute malicious code.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-24161
Publication date:
03/09/2020
Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers can use this vulnerability to execute malicious code.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021
Subscribe to Vulnerabilities