Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2021-27103
Publication date:
16/02/2021
Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.
Severity CVSS v4.0: Pending analysis
Last modification:
03/11/2025

CVE-2021-27203
Publication date:
16/02/2021
In Dekart Private Disk 2.15, invalid use of the Type3 user buffer for IOCTL codes using METHOD_NEITHER results in arbitrary memory dereferencing.
Severity CVSS v4.0: Pending analysis
Last modification:
22/02/2021

CVE-2021-20069
Publication date:
16/02/2021
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2021

CVE-2021-20070
Publication date:
16/02/2021
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the virtualization.php dialogs.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2021

CVE-2021-20071
Publication date:
16/02/2021
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2021

CVE-2021-20073
Publication date:
16/02/2021
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for cross-site request forgeries.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2021

CVE-2021-20074
Publication date:
16/02/2021
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2021

CVE-2021-20075
Publication date:
16/02/2021
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows for privilege escalation via configd.
Severity CVSS v4.0: Pending analysis
Last modification:
17/08/2021

CVE-2021-20072
Publication date:
16/02/2021
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to arbitrarily access and delete files via an authenticated directory traveral.
Severity CVSS v4.0: Pending analysis
Last modification:
12/07/2022

CVE-2020-28918
Publication date:
16/02/2021
DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in prompting for the password, whereas an invalid one will produce an "unknown username" error message.
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2020-29457
Publication date:
16/02/2021
A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue application to establish a secure connection.
Severity CVSS v4.0: Pending analysis
Last modification:
26/03/2021

CVE-2020-11635
Publication date:
16/02/2021
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.
Severity CVSS v4.0: Pending analysis
Last modification:
21/07/2021
Subscribe to Vulnerabilities