Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-3485

Publication date:
24/07/2019
Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2019-3622

Publication date:
24/07/2019
Files or Directories Accessible to External Parties in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows authenticated user to redirect DLPe log files to arbitrary locations via incorrect access control applied to the DLPe log folder allowing privileged users to create symbolic links.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2019-10992

Publication date:
24/07/2019
Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple out-of-bounds read vulnerabilities may cause information disclosure due to lacking user input validation for processing project files.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2019-3591

Publication date:
24/07/2019
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in ePO extension in McAfee Data Loss Prevention (DLPe) for Windows 11.x prior to 11.3.0 allows unauthenticated remote user to trigger specially crafted JavaScript to render in the ePO UI via a carefully crafted upload to a remote website which is correctly blocked by DLPe Web Protection. This would then render as an XSS when the DLP Admin viewed the event in the ePO UI.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2019-3595

Publication date:
24/07/2019
Improper Neutralization of Special Elements used in a Command ('Command Injection') in ePO extension in McAfee Data Loss Prevention (DLP) 11.x prior to 11.3.0 allows Authenticated Adminstrator to execute arbitrary code with their local machine privileges via a specially crafted DLP policy, which is exported and opened on the their machine. In our checks, the user must explicitly allow the code to execute.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2019-10968

Publication date:
24/07/2019
Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2019-10982

Publication date:
24/07/2019
Delta Electronics CNCSoft ScreenEditor, Versions 1.00.89 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. There is a lack of user input validation before copying data from project files onto the heap.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2019-1010191

Publication date:
24/07/2019
marginalia
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2019-1010178

Publication date:
24/07/2019
Fred MODX Revolution
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2019-1010179

Publication date:
24/07/2019
PHKP including commit 88fd9cfdf14ea4b6ac3e3967feea7bcaabb6f03b is affected by: Improper Neutralization of Special Elements used in a Command ('Command Injection'). The impact is: It is possible to manipulate gpg-keys or execute commands remotely. The component is: function pgp_exec() phkp.php:98. The attack vector is: HKP-Api: /pks/lookup?search.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2019-1010189

Publication date:
24/07/2019
mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2019-1010190

Publication date:
24/07/2019
mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan() in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is: 1.2.1.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026