Vulnerabilities

To inform, warn and help professionals with the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

Occasionally this list will show vulnerabilities that have not yet been translated, because they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible, with different criteria available to narrow down the results, such as vulnerability types, manufacturers and impact levels, among others.

You can be informed daily about the latest vulnerabilities added to the repository through RSS feeds or newsletters. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2020-26551

Publication date: 17/11/2020
An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file.
Severity CVSS v4.0: Pending analysis
Last modification: 23/11/2020

CVE-2020-26553

Publication date: 17/11/2020
An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree.
Severity CVSS v4.0: Pending analysis
Last modification: 23/11/2020

CVE-2020-26550

Publication date: 17/11/2020
An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021

CVE-2020-26552

Publication date: 17/11/2020
An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files that implement API endpoints do not require a valid session ID for access.
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021

CVE-2020-28129

Publication date: 17/11/2020
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'.
Severity CVSS v4.0: Pending analysis
Last modification: 22/12/2025

CVE-2020-25988

Publication date: 17/11/2020
UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent.
Severity CVSS v4.0: Pending analysis
Last modification: 07/11/2023

CVE-2020-28136

Publication date: 17/11/2020
An arbitrary file upload vulnerability in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via the vulnerable admin/create-package.php page.
Severity CVSS v4.0: Pending analysis
Last modification: 14/11/2023

CVE-2020-28133

Publication date: 17/11/2020
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. An authentication bypass in the web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.
Severity CVSS v4.0: Pending analysis
Last modification: 01/12/2020

CVE-2020-26405

Publication date: 17/11/2020
Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are >=12.8, =13.4, =13.5,
Severity CVSS v4.0: Pending analysis
Last modification: 01/12/2020

CVE-2020-13349

Publication date: 17/11/2020
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path made the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, =13.4, =13.5,
Severity CVSS v4.0: Pending analysis
Last modification: 21/07/2021

CVE-2020-28140

Publication date: 17/11/2020
SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.
Severity CVSS v4.0: Pending analysis
Last modification: 23/11/2020

CVE-2020-28139

Publication date: 17/11/2020
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via an Offer Detail field in offer.php.
Severity CVSS v4.0: Pending analysis
Last modification: 23/11/2020