Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2020-10746

Publication date:
19/10/2020
A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2020-9263

Publication date:
19/10/2020
HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability. There is a condition exists that the system would reference memory after it has been freed, the attacker should trick the user into running a crafted application with common privilege, successful exploit could cause code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
22/10/2020

CVE-2020-9113

Publication date:
19/10/2020
HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth messages after successful paring, causing buffer overflow. Successful exploit may cause code execution.
Severity CVSS v4.0: Pending analysis
Last modification:
22/10/2020

CVE-2020-9111

Publication date:
19/10/2020
E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability. The system does not properly check some events, an attacker could launch the events continually, successful exploit could cause reboot of the process.
Severity CVSS v4.0: Pending analysis
Last modification:
29/10/2020

CVE-2020-9112

Publication date:
19/10/2020
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege.
Severity CVSS v4.0: Pending analysis
Last modification:
26/10/2020

CVE-2020-9092

Publication date:
19/10/2020
HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021

CVE-2020-24387

Publication date:
19/10/2020
An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-24388

Publication date:
19/10/2020
An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service.
Severity CVSS v4.0: Pending analysis
Last modification:
07/11/2023

CVE-2020-15262

Publication date:
19/10/2020
In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. This issue is patched in version 1.5.1.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2019-13633

Publication date:
19/10/2020
Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attacker can send arbitrary JavaScript code via a built-in communication channel, such as Telegram, WhatsApp, Viber, Skype, Facebook, Vkontakte, or Odnoklassniki. This is mishandled within the administration panel for conversations/all, conversations/inbox, conversations/unassigned, and conversations/closed.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026

CVE-2020-24375

Publication date:
19/10/2020
A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.
Severity CVSS v4.0: Pending analysis
Last modification:
27/10/2020

CVE-2020-15822

Publication date:
19/10/2020
In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.
Severity CVSS v4.0: Pending analysis
Last modification:
17/06/2026