Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-7712

Publication date:

30/08/2020

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2020-24972

Publication date:

29/08/2020

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2020-24898

Publication date:

29/08/2020

The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter).

Severity CVSS v4.0: Pending analysis

Last modification:

04/09/2020

CVE-2020-24897

Publication date:

29/08/2020

The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the "Table from CSV" macro.

Severity CVSS v4.0: Pending analysis

Last modification:

04/09/2020

CVE-2020-24928

Publication date:

29/08/2020

managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-25020

Publication date:

29/08/2020

MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader components.

Severity CVSS v4.0: Pending analysis

Last modification:

05/05/2025

CVE-2020-25019

Publication date:

29/08/2020

jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.

Severity CVSS v4.0: Pending analysis

Last modification:

17/11/2025

CVE-2020-3566

Publication date:

29/08/2020

A vulnerability in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust process memory of an affected device. The vulnerability is due to insufficient queue management for Internet Group Management Protocol (IGMP) packets. An attacker could exploit this vulnerability by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to cause memory exhaustion, resulting in instability of other processes. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address this vulnerability.

Severity CVSS v4.0: Pending analysis

Last modification:

28/10/2025

CVE-2020-25016

Publication date:

29/08/2020

A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2020-15159

Publication date:

28/08/2020

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) and Remote Code Execution (RCE). This may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file.The affected components are ThemeFilesController.php and UploaderFilesController.php. This is fixed in version 4.3.7.

Severity CVSS v4.0: Pending analysis

Last modification:

03/09/2020

CVE-2020-15155

Publication date:

28/08/2020

Severity CVSS v4.0: Pending analysis

Last modification:

03/09/2020

CVE-2020-15154

Publication date:

28/08/2020

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7.

Severity CVSS v4.0: Pending analysis

Last modification:

03/09/2020

Subscribe to Vulnerabilities