Vulnerabilidades CVE

A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:

Borrar filtros
CVE ID Publicado Severidad CVSS Descripción
CVE-2026-44807 2026-06-09 HIGH 7.8 Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44805 2026-06-09 MEDIUM 5.5 Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.
CVE-2026-44804 2026-06-09 HIGH 7.8 Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44803 2026-06-09 HIGH 7.8 Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-44802 2026-06-09 HIGH 7.8 Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-44801 2026-06-09 HIGH 7.5 Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-44799 2026-06-09 HIGH 7.5 Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42993 2026-06-09 HIGH 7.5 Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42992 2026-06-09 HIGH 7.5 Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42991 2026-06-09 HIGH 7.8 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42989 2026-06-09 HIGH 7.8 Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
CVE-2026-42987 2026-06-09 HIGH 8.1 Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
CVE-2026-42986 2026-06-09 HIGH 7.8 Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-42985 2026-06-09 HIGH 8.8 Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42984 2026-06-09 HIGH 7.0 Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42983 2026-06-09 HIGH 7.8 Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42981 2026-06-09 HIGH 8.1 Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-42980 2026-06-09 HIGH 7.8 Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42979 2026-06-09 HIGH 7.8 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42978 2026-06-09 HIGH 7.8 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42977 2026-06-09 HIGH 7.8 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-42974 2026-06-09 HIGH 8.1 Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
CVE-2026-42973 2026-06-09 MEDIUM 5.5 Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42972 2026-06-09 MEDIUM 5.5 Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.
CVE-2026-42971 2026-06-09 MEDIUM 5.5 Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42970 2026-06-09 MEDIUM 5.5 Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42969 2026-06-09 MEDIUM 5.5 Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
CVE-2026-42968 2026-06-09 MEDIUM 5.5 Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
CVE-2026-42916 2026-06-09 HIGH 7.8 Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-42915 2026-06-09 MEDIUM 5.7 Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.
CVE-2026-42914 2026-06-09 MEDIUM 5.3 Windows Kerberos Denial of Service Vulnerability
CVE-2026-42913 2026-06-09 HIGH 7.5 Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42912 2026-06-09 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-42911 2026-06-09 HIGH 7.0 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-42910 2026-06-09 HIGH 7.8 Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.
CVE-2026-42909 2026-06-09 HIGH 7.5 Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42908 2026-06-09 HIGH 7.5 Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
CVE-2026-42907 2026-06-09 MEDIUM 6.5 Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
CVE-2026-42906 2026-06-09 MEDIUM 5.5 Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
CVE-2026-42905 2026-06-09 HIGH 7.8 Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2026-42904 2026-06-09 CRITICAL 9.6 Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
CVE-2026-42903 2026-06-09 MEDIUM 6.5 Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
CVE-2026-42902 2026-06-09 HIGH 7.8 Improper authorization in Microsoft PowerToys allows an authorized attacker to elevate privileges locally.
CVE-2026-42837 2026-06-09 HIGH 7.8 Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-42836 2026-06-09 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
CVE-2026-42835 2026-06-09 HIGH 8.1 Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
CVE-2026-42829 2026-06-09 HIGH 7.8 Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally.
CVE-2026-42828 2026-06-09 HIGH 7.8 Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-41108 2026-06-09 HIGH 7.0 Heap-based buffer overflow in Microsoft Windows DNS allows an authorized attacker to elevate privileges locally.
CVE-2026-41098 2026-06-09 HIGH 8.4 Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network.
« Anterior Página 118 de 4520 Siguiente »