Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-24232

Publication date:

22/04/2021

The Advanced Booking Calendar WordPress plugin before 1.6.8 does not sanitise the license error message when output in the settings page, leading to an authenticated reflected Cross-Site Scripting issue

Severity CVSS v4.0: Pending analysis

Last modification:

29/04/2021

CVE-2021-24235

Publication date:

22/04/2021

The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2021-25664

Publication date:

22/04/2021

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions

Severity CVSS v4.0: HIGH

Last modification:

11/03/2025

CVE-2021-25663

Publication date:

22/04/2021

A vulnerability has been identified in Capital Embedded AR Classic 431-422 (All versions), Capital Embedded AR Classic R20-11 (All versions

Severity CVSS v4.0: HIGH

Last modification:

11/03/2025

CVE-2020-15795

Publication date:

22/04/2021

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions

Severity CVSS v4.0: Pending analysis

Last modification:

08/08/2023

CVE-2020-27009

Publication date:

22/04/2021

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions

Severity CVSS v4.0: Pending analysis

Last modification:

08/08/2023

CVE-2020-27736

Publication date:

22/04/2021

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions

Severity CVSS v4.0: Pending analysis

Last modification:

08/08/2023

CVE-2020-27737

Publication date:

22/04/2021

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions

Severity CVSS v4.0: Pending analysis

Last modification:

08/08/2023

CVE-2020-27738

Publication date:

22/04/2021

A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions

Severity CVSS v4.0: Pending analysis

Last modification:

08/08/2023

CVE-2020-26997

Publication date:

22/04/2021

A vulnerability has been identified in Solid Edge SE2020 (All versions

Severity CVSS v4.0: Pending analysis

Last modification:

08/06/2021

CVE-2021-24238

Publication date:

22/04/2021

The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the requested property to be deleted belong to the user making the request, allowing any authenticated users to delete arbitrary properties by tampering with the property_id parameter.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2021-0272

Publication date:

22/04/2021

A kernel memory leak in QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016 devices Flexible PIC Concentrators (FPCs) on Juniper Networks Junos OS allows an attacker to send genuine packets destined to the device to cause a Denial of Service (DoS) to the device. On QFX10002-32Q, QFX10002-60C, QFX10002-72Q devices the device will crash and restart. On QFX10008, QFX10016 devices, depending on the number of FPCs involved in an attack, one more more FPCs may crash and traffic through the device may be degraded in other ways, until the attack traffic stops. A reboot is required to restore service and clear the kernel memory. Continued receipt and processing of these genuine packets will create a sustained Denial of Service (DoS) condition. On QFX10008, QFX10016 devices, an indicator of compromise may be the existence of DCPFE core files. You can also monitor PFE memory utilization for incremental growth: user@qfx-RE:0% cprod -A fpc0 -c "show heap 0" | grep -i ke 0 3788a1b0 3221225048 2417120656 804104392 24 Kernel user@qfx-RE:0% cprod -A fpc0 -c "show heap 0" | grep -i ke 0 3788a1b0 3221225048 2332332200 888892848 27 Kernel This issue affects: Juniper Networks Junos OS on QFX10002-32Q, QFX10002-60C, QFX10002-72Q, QFX10008, QFX10016: 16.1 versions 16.1R1 and above prior to 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R3-S2; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R3; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2. This issue does not affect releases prior to Junos OS 16.1R1. This issue does not affect EX Series devices. This issue does not affect Junos OS Evolved.

Severity CVSS v4.0: Pending analysis

Last modification:

04/05/2021

Subscribe to Vulnerabilities