Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, of all the latest documented and recognised vulnerabilities for users interested in this information.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by selecting different criteria, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2021-3204

Publication date:
19/02/2021
SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server.
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2021

CVE-2021-3210

Publication date:
19/02/2021
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2021

CVE-2021-26296

Publication date:
19/02/2021
In the default configuration, Apache MyFaces Core versions 2.2.0 to 2.2.13, 2.3.0 to 2.3.7, 2.3-next-M1 to 2.3-next-M4, and 3.0.0-RC1 use cryptographically weak implicit and explicit cross-site request forgery (CSRF) tokens. Due to that limitation, it is possible (although difficult) for an attacker to calculate a future CSRF token value and to use that value to trick a user into executing unwanted actions on an application.
Severity CVSS v4.0: Pending analysis
Last modification:
02/06/2021

CVE-2021-3339

Publication date:
19/02/2021
ModernFlow before 1.3.00.208 does not constrain web-page access to members of a security group, as demonstrated by the Search Screen and the Profile Screen.
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2021

CVE-2020-36248

Publication date:
19/02/2021
The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2025

CVE-2020-36249

Publication date:
19/02/2021
The File Firewall before 2.8.0 for ownCloud Server does not properly enforce file-type restrictions for public shares.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-10254

Publication date:
19/02/2021
An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password-protected image by displaying its preview.
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2021

CVE-2020-10252

Publication date:
19/02/2021
An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.
Severity CVSS v4.0: Pending analysis
Last modification:
25/02/2021

CVE-2020-36250

Publication date:
19/02/2021
In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2025

CVE-2020-36251

Publication date:
19/02/2021
ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-36252

Publication date:
19/02/2021
ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number.
Severity CVSS v4.0: Pending analysis
Last modification:
31/03/2025

CVE-2020-36247

Publication date:
19/02/2021
Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF.
Severity CVSS v4.0: Pending analysis
Last modification:
24/02/2021