CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2026-21221 | 2026-01-13 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-21219 | 2026-01-13 | HIGH | 7.0 | Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally. |
| CVE-2026-20965 | 2026-01-13 | HIGH | 7.5 | Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20963 | 2026-01-13 | HIGH | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2026-20962 | 2026-01-13 | MEDIUM | 4.4 | Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally. |
| CVE-2026-20959 | 2026-01-13 | MEDIUM | 4.6 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| CVE-2026-20958 | 2026-01-13 | MEDIUM | 5.4 | Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network. |
| CVE-2026-20957 | 2026-01-13 | HIGH | 7.8 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2026-20956 | 2026-01-13 | HIGH | 7.8 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2026-20955 | 2026-01-13 | HIGH | 7.8 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2026-20953 | 2026-01-13 | HIGH | 8.4 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-20952 | 2026-01-13 | HIGH | 8.4 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-20951 | 2026-01-13 | HIGH | 7.8 | Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. |
| CVE-2026-20950 | 2026-01-13 | HIGH | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2026-20949 | 2026-01-13 | HIGH | 7.8 | Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally. |
| CVE-2026-20948 | 2026-01-13 | HIGH | 7.8 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-20947 | 2026-01-13 | HIGH | 8.8 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2026-20946 | 2026-01-13 | HIGH | 7.8 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2026-20944 | 2026-01-13 | HIGH | 8.4 | Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2026-20943 | 2026-01-13 | HIGH | 7.0 | Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2026-20941 | 2026-01-13 | HIGH | 7.8 | Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20940 | 2026-01-13 | HIGH | 7.8 | Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20939 | 2026-01-13 | MEDIUM | 5.5 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. |
| CVE-2026-20938 | 2026-01-13 | HIGH | 7.8 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20937 | 2026-01-13 | MEDIUM | 5.5 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. |
| CVE-2026-20936 | 2026-01-13 | MEDIUM | 4.3 | Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack. |
| CVE-2026-20935 | 2026-01-13 | MEDIUM | 6.2 | Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally. |
| CVE-2026-20934 | 2026-01-13 | HIGH | 7.5 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-20932 | 2026-01-13 | MEDIUM | 5.5 | Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally. |
| CVE-2026-20931 | 2026-01-13 | HIGH | 8.0 | External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network. |
| CVE-2026-20929 | 2026-01-13 | HIGH | 7.5 | Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-20927 | 2026-01-13 | MEDIUM | 5.3 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network. |
| CVE-2026-20926 | 2026-01-13 | HIGH | 7.5 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-20925 | 2026-01-13 | MEDIUM | 6.5 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-20924 | 2026-01-13 | HIGH | 7.8 | Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20923 | 2026-01-13 | HIGH | 7.8 | Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20922 | 2026-01-13 | HIGH | 7.8 | Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally. |
| CVE-2026-20921 | 2026-01-13 | HIGH | 7.5 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-20920 | 2026-01-13 | HIGH | 7.8 | Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20919 | 2026-01-13 | HIGH | 7.5 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-20918 | 2026-01-13 | HIGH | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20877 | 2026-01-13 | HIGH | 7.8 | Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20876 | 2026-01-13 | MEDIUM | 6.7 | Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20875 | 2026-01-13 | HIGH | 7.5 | Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network. |
| CVE-2026-20874 | 2026-01-13 | HIGH | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20873 | 2026-01-13 | HIGH | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20872 | 2026-01-13 | MEDIUM | 6.5 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-20871 | 2026-01-13 | HIGH | 7.8 | Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20870 | 2026-01-13 | HIGH | 7.8 | Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. |
| CVE-2026-20869 | 2026-01-13 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally. |