Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-23765

Publication date:
21/05/2021
A file upload vulnerability was discovered in the file path /bl-plugins/backup/plugin.php on Bludit version 3.12.0. If an attacker is able to gain Administrator rights they will be able to use unsafe plugins to upload a backup file and control the server.
Severity CVSS v4.0: Pending analysis
Last modification:
27/05/2021

CVE-2020-23768

Publication date:
21/05/2021
An information disclosure vulnerability was discovered in alipay_function.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users' personally identifiable information including e-mail address and telephone numbers.
Severity CVSS v4.0: Pending analysis
Last modification:
28/06/2022

CVE-2020-23766

Publication date:
21/05/2021
An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2018-25009

Publication date:
21/05/2021
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
Severity CVSS v4.0: Pending analysis
Last modification:
17/02/2023

CVE-2020-36328

Publication date:
21/05/2021
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2023

CVE-2020-36331

Publication date:
21/05/2021
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2023

CVE-2020-36329

Publication date:
21/05/2021
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity CVSS v4.0: Pending analysis
Last modification:
09/01/2023

CVE-2018-25010

Publication date:
21/05/2021
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2023

CVE-2018-25011

Publication date:
21/05/2021
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
Severity CVSS v4.0: Pending analysis
Last modification:
10/02/2023

CVE-2018-25013

Publication date:
21/05/2021
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2023

CVE-2018-25014

Publication date:
21/05/2021
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
Severity CVSS v4.0: Pending analysis
Last modification:
09/02/2023

CVE-2020-36330

Publication date:
21/05/2021
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Severity CVSS v4.0: Pending analysis
Last modification:
30/11/2021