CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2025-32702 2025-05-13 HIGH 7.8 Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.
CVE-2025-32703 2025-05-13 MEDIUM 5.5 Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
CVE-2025-32704 2025-05-13 HIGH 8.4 Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-29839 2025-05-13 MEDIUM 4.0 Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.
CVE-2025-29840 2025-05-13 HIGH 8.8 Stack-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.
CVE-2025-29841 2025-05-13 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
CVE-2024-4534 2024-05-27 MEDIUM 6.1 The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to…
CVE-2024-4535 2024-05-27 HIGH 8.8 The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via…
CVE-2024-4533 2024-05-27 MEDIUM 6.5 The KKProgressbar2 Free WordPress plugin through 1.1.4.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admin users to perform SQL injection…
CVE-2025-29842 2025-05-13 HIGH 7.5 Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-29954 2025-05-13 MEDIUM 5.9 Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
CVE-2025-29955 2025-05-13 MEDIUM 6.2 Improper input validation in Windows Hyper-V allows an unauthorized attacker to deny service locally.
CVE-2025-29956 2025-05-13 MEDIUM 5.4 Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network.
CVE-2025-29957 2025-05-13 MEDIUM 6.2 Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally.
CVE-2025-29958 2025-05-13 MEDIUM 6.5 Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-30383 2025-05-13 HIGH 7.8 Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-30384 2025-05-13 HIGH 7.4 Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
CVE-2025-30385 2025-05-13 HIGH 7.8 Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-30386 2025-05-13 HIGH 8.4 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-30387 2025-05-13 CRITICAL 9.8 Improper limitation of a pathname to a restricted directory ('path traversal') in Azure allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-32705 2025-05-13 HIGH 7.8 Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.
CVE-2025-32707 2025-05-13 HIGH 7.8 Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.
CVE-2025-21264 2025-05-13 HIGH 7.1 Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
CVE-2025-24063 2025-05-13 HIGH 7.8 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-26677 2025-05-13 HIGH 7.5 Uncontrolled resource consumption in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
CVE-2025-26684 2025-05-13 MEDIUM 6.7 External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
CVE-2025-26685 2025-05-13 MEDIUM 6.5 Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network.
CVE-2025-27468 2025-05-13 HIGH 7.0 Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally.
CVE-2025-27488 2025-05-13 MEDIUM 6.7 Use of hard-coded credentials in Windows Hardware Lab Kit allows an authorized attacker to elevate privileges locally.
CVE-2025-29826 2025-05-13 HIGH 7.3 Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
CVE-2025-29829 2025-05-13 MEDIUM 5.5 Use of uninitialized resource in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally.
CVE-2025-29830 2025-05-13 MEDIUM 6.5 Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-29831 2025-05-13 HIGH 7.5 Use after free in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
CVE-2025-29832 2025-05-13 MEDIUM 6.5 Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-29833 2025-05-13 HIGH 7.7 Time-of-check time-of-use (toctou) race condition in Windows Virtual Machine Bus allows an unauthorized attacker to execute code locally.
CVE-2025-29835 2025-05-13 MEDIUM 6.5 Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-29836 2025-05-13 MEDIUM 6.5 Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-29837 2025-05-13 MEDIUM 5.5 Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to disclose information locally.
CVE-2025-29838 2025-05-13 HIGH 7.4 Null pointer dereference in Windows Drivers allows an unauthorized attacker to elevate privileges locally.
CVE-2025-26784 2025-05-14 MEDIUM 6.5 An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930,…
CVE-2025-24676 2025-02-03 HIGH 7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in umangmetatagg Custom WP Store Locator allows Reflected XSS. This issue affects Custom WP Store Locator: from n/a…
CVE-2024-6533 2024-08-15 MEDIUM 5.4 Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. This is possible because the application injects an attacker-controlled parameter that will be stored…
CVE-2025-4917 2025-05-19 HIGH 7.3 A vulnerability classified as critical has been found in PHPGurukul Auto Taxi Stand Management System 1.0. Affected is an unknown function of the file /admin/new-autoortaxi-entry-form.php. The manipulation of…
CVE-2025-4916 2025-05-19 HIGH 7.3 A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin-profile.php.…
CVE-2025-4915 2025-05-19 HIGH 7.3 A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/auto-taxi-entry-detail.php. The…
CVE-2025-4914 2025-05-19 HIGH 7.3 A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/forgot-password.php. The…
CVE-2025-4913 2025-05-19 HIGH 7.3 A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php.…
CVE-2025-47760 2025-05-19 HIGH 7.8 V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6MemInIF!set_temp_type_default function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and…
CVE-2025-47759 2025-05-19 HIGH 7.8 V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6ComFile!CV7BaseMap::WriteV7DataToRom function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and…
CVE-2025-47758 2025-05-19 HIGH 7.8 V-SFT v6.2.5.0 and earlier contains an issue with stack-based buffer overflow in VS6File!CTxSubFile::get_ProgramFile_name function. Opening specially crafted V7 or V8 files may lead to crash, information disclosure, and…