Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2026-47631
2026-06-09
HIGH
8.1
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-47298
2026-06-09
HIGH
8.0
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-47293
2026-06-09
HIGH
7.0
Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-47292
2026-06-09
HIGH
7.8
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally.
CVE-2026-47291
2026-06-09
CRITICAL
9.8
Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
CVE-2026-47289
2026-06-09
HIGH
8.8
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-47288
2026-06-09
HIGH
7.1
Integer overflow or wraparound in Windows Kerberos allows an authorized attacker to execute code over an adjacent network.
CVE-2026-47287
2026-06-09
MEDIUM
6.5
Relative path traversal in Visual Studio Code allows an unauthorized attacker to perform tampering over a network.
CVE-2026-47284
2026-06-09
MEDIUM
6.5
Exposure of sensitive information to an unauthorized actor in Visual Studio Code allows an unauthorized attacker to disclose information over a network.
CVE-2026-47281
2026-06-09
CRITICAL
9.6
Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-45658
2026-06-09
HIGH
7.8
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-45657
2026-06-09
CRITICAL
9.8
Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
CVE-2026-45656
2026-06-09
HIGH
7.8
Protection mechanism failure in Windows UEFI allows an authorized attacker to bypass a security feature locally.
CVE-2026-45655
2026-06-09
MEDIUM
5.3
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-45654
2026-06-09
HIGH
7.9
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
CVE-2026-45653
2026-06-09
HIGH
7.0
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-45650
2026-06-09
MEDIUM
4.3
User interface (ui) misrepresentation of critical information in Microsoft Bing allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-45649
2026-06-09
HIGH
7.1
Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally.
CVE-2026-45648
2026-06-09
HIGH
8.8
Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network.
CVE-2026-45647
2026-06-09
MEDIUM
5.5
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVE-2026-45645
2026-06-09
HIGH
7.8
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-45644
2026-06-09
HIGH
8.0
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network.
CVE-2026-45643
2026-06-09
HIGH
7.8
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-45642
2026-06-09
LOW
3.9
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.
CVE-2026-45641
2026-06-09
HIGH
8.4
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-45640
2026-06-09
HIGH
7.0
Use after free in Windows Bluetooth Port Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-45639
2026-06-09
HIGH
7.5
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-45638
2026-06-09
HIGH
7.8
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45637
2026-06-09
HIGH
7.8
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-45636
2026-06-09
HIGH
7.8
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
CVE-2026-45635
2026-06-09
HIGH
8.1
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
CVE-2026-45634
2026-06-09
MEDIUM
5.5
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
CVE-2026-45608
2026-06-09
MEDIUM
6.8
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
CVE-2026-45607
2026-06-09
HIGH
8.4
Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.
CVE-2026-45606
2026-06-09
MEDIUM
5.5
Out-of-bounds read in Microsoft UxTheme Library (uxtheme.dll) allows an authorized attacker to deny service locally.
CVE-2026-45605
2026-06-09
HIGH
7.8
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2026-45604
2026-06-09
MEDIUM
5.5
Out-of-bounds read in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
CVE-2026-45603
2026-06-09
HIGH
7.0
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45602
2026-06-09
CRITICAL
9.1
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
CVE-2026-45601
2026-06-09
HIGH
7.0
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45600
2026-06-09
HIGH
7.8
Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-45599
2026-06-09
HIGH
8.1
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
CVE-2026-45598
2026-06-09
HIGH
7.0
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45597
2026-06-09
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-45596
2026-06-09
HIGH
7.0
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-45595
2026-06-09
MEDIUM
5.4
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-45594
2026-06-09
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.
CVE-2026-45593
2026-06-09
HIGH
7.8
Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.
CVE-2026-45592
2026-06-09
HIGH
7.8
Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-45591
2026-06-09
HIGH
7.5
Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.
« Anterior
Página 116 de 4520
Siguiente »
Page load link
Go to Top