Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2026-20868
2026-01-13
HIGH
8.8
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2026-20867
2026-01-13
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20866
2026-01-13
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20865
2026-01-13
HIGH
7.8
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20864
2026-01-13
HIGH
7.8
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-20863
2026-01-13
HIGH
7.0
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-20862
2026-01-13
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.
CVE-2026-20861
2026-01-13
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20860
2026-01-13
HIGH
7.8
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-20859
2026-01-13
HIGH
7.8
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-20858
2026-01-13
HIGH
7.8
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20857
2026-01-13
HIGH
7.8
Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-20856
2026-01-13
HIGH
8.1
Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVE-2026-20854
2026-01-13
HIGH
7.5
Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.
CVE-2026-20853
2026-01-13
HIGH
7.4
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.
CVE-2026-20852
2026-01-13
HIGH
7.7
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.
CVE-2026-20851
2026-01-13
MEDIUM
6.2
Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally.
CVE-2026-20849
2026-01-13
HIGH
7.5
Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
CVE-2026-20848
2026-01-13
HIGH
7.5
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-20847
2026-01-13
MEDIUM
6.5
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network.
CVE-2026-20844
2026-01-13
HIGH
7.4
Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.
CVE-2026-20843
2026-01-13
HIGH
7.8
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2026-20842
2026-01-13
HIGH
7.0
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2026-20840
2026-01-13
HIGH
7.8
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-20839
2026-01-13
MEDIUM
5.5
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.
CVE-2026-20838
2026-01-13
MEDIUM
5.5
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-20837
2026-01-13
HIGH
7.8
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-20836
2026-01-13
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-20835
2026-01-13
MEDIUM
5.5
Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.
CVE-2026-20834
2026-01-13
MEDIUM
4.6
Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.
CVE-2026-20833
2026-01-13
MEDIUM
5.5
Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.
CVE-2026-20832
2026-01-13
HIGH
7.8
Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability
CVE-2026-20831
2026-01-13
HIGH
7.8
Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-20830
2026-01-13
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-20829
2026-01-13
MEDIUM
5.5
Out-of-bounds read in Windows TPM allows an authorized attacker to disclose information locally.
CVE-2026-20828
2026-01-13
MEDIUM
4.6
Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.
CVE-2026-20827
2026-01-13
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to disclose information locally.
CVE-2026-20826
2026-01-13
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Tablet Windows User Interface (TWINUI) Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2026-20825
2026-01-13
MEDIUM
4.4
Improper access control in Windows Hyper-V allows an authorized attacker to disclose information locally.
CVE-2026-20824
2026-01-13
MEDIUM
5.5
Protection mechanism failure in Windows Remote Assistance allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-20823
2026-01-13
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-20822
2026-01-13
HIGH
7.8
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-20821
2026-01-13
MEDIUM
6.2
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.
CVE-2026-20820
2026-01-13
HIGH
7.8
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-20819
2026-01-13
MEDIUM
5.5
Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to disclose information locally.
CVE-2026-20818
2026-01-13
MEDIUM
6.2
Insertion of sensitive information into log file in Windows Kernel allows an unauthorized attacker to disclose information locally.
CVE-2026-20817
2026-01-13
HIGH
7.8
Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
CVE-2026-20816
2026-01-13
HIGH
7.8
Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-20815
2026-01-13
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-20814
2026-01-13
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
« Anterior
Página 101 de 3930
Siguiente »
Page load link
Go to Top
