Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2026-40380
2026-05-12
MEDIUM
6.2
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
CVE-2026-40379
2026-05-12
CRITICAL
9.3
Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-40377
2026-05-12
HIGH
7.8
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
CVE-2026-40374
2026-05-12
MEDIUM
6.5
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
CVE-2026-40370
2026-05-12
HIGH
8.8
External control of file name or path in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-40369
2026-05-12
HIGH
7.8
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-40368
2026-05-12
HIGH
8.0
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40367
2026-05-12
HIGH
8.4
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40366
2026-05-12
HIGH
8.4
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40365
2026-05-12
HIGH
8.8
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40364
2026-05-12
HIGH
8.4
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40363
2026-05-12
HIGH
8.4
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40362
2026-05-12
HIGH
7.8
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40361
2026-05-12
HIGH
8.4
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40360
2026-05-12
HIGH
7.8
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-40359
2026-05-12
HIGH
7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40358
2026-05-12
HIGH
8.4
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40357
2026-05-12
HIGH
8.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35440
2026-05-12
MEDIUM
5.5
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-35439
2026-05-12
HIGH
8.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35438
2026-05-12
HIGH
8.3
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-35436
2026-05-12
HIGH
8.8
Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.
CVE-2026-35433
2026-05-12
HIGH
7.3
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
CVE-2026-35429
2026-05-12
MEDIUM
4.3
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-35424
2026-05-12
HIGH
7.5
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-35423
2026-05-12
MEDIUM
5.4
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
CVE-2026-35422
2026-05-12
MEDIUM
6.5
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
CVE-2026-35421
2026-05-12
HIGH
7.8
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
CVE-2026-35420
2026-05-12
HIGH
7.8
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-35419
2026-05-12
MEDIUM
5.5
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-35418
2026-05-12
HIGH
7.8
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-35417
2026-05-12
HIGH
7.8
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-35416
2026-05-12
HIGH
7.0
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-35415
2026-05-12
HIGH
7.8
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-34351
2026-05-12
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-34350
2026-05-12
MEDIUM
6.5
Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.
CVE-2026-34347
2026-05-12
HIGH
7.0
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34345
2026-05-12
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34344
2026-05-12
HIGH
7.8
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-34343
2026-05-12
HIGH
7.8
Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
CVE-2026-34342
2026-05-12
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
CVE-2026-34341
2026-05-12
HIGH
7.0
Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally.
CVE-2026-34340
2026-05-12
HIGH
7.0
Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-34339
2026-05-12
MEDIUM
5.5
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally.
CVE-2026-34338
2026-05-12
HIGH
7.8
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-34337
2026-05-12
HIGH
7.8
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-34336
2026-05-12
HIGH
7.8
Buffer over-read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2026-34334
2026-05-12
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-34333
2026-05-12
HIGH
7.8
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2026-34332
2026-05-12
HIGH
8.0
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to execute code over a network.
« Anterior
Página 15 de 4296
Siguiente »
Page load link
Go to Top
