Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-26538
Publication date:
02/10/2020
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-26540
Publication date:
02/10/2020
An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS. Because the Hardened Runtime protection mechanism is not applied to code signing, code injection (or an information leak) can occur.
Severity CVSS v4.0: Pending analysis
Last modification:
08/09/2021

CVE-2020-26524
Publication date:
02/10/2020
CodeLathe FileCloud before 20.2.0.11915 allows username enumeration.
Severity CVSS v4.0: Pending analysis
Last modification:
27/04/2022

CVE-2020-26523
Publication date:
02/10/2020
Froala Editor before 3.2.2 allows XSS via pasted content.
Severity CVSS v4.0: Pending analysis
Last modification:
02/10/2020

CVE-2020-26519
Publication date:
02/10/2020
Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-26518
Publication date:
02/10/2020
Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.
Severity CVSS v4.0: Pending analysis
Last modification:
09/10/2020

CVE-2020-26511
Publication date:
02/10/2020
The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. This leads to authentication bypass.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-9491
Publication date:
01/10/2020
In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-5789
Publication date:
01/10/2020
Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2020

CVE-2020-5788
Publication date:
01/10/2020
Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action.
Severity CVSS v4.0: Pending analysis
Last modification:
01/10/2020

CVE-2020-9486
Publication date:
01/10/2020
In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext.
Severity CVSS v4.0: Pending analysis
Last modification:
05/10/2020

CVE-2020-9487
Publication date:
01/10/2020
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens.
Severity CVSS v4.0: Pending analysis
Last modification:
05/10/2020
Subscribe to Vulnerabilities