Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Todos los artículos
Vulnerabilidades CVE
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Filtrar por severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
Filtrar
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-48002
2025-07-08
MEDIUM
5.7
Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to disclose information over an adjacent network.
CVE-2025-48001
2025-07-08
MEDIUM
6.8
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical…
CVE-2025-48000
2025-07-08
HIGH
7.8
Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVE-2025-47999
2025-07-08
MEDIUM
6.8
Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.
CVE-2025-47998
2025-07-08
HIGH
8.8
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-47996
2025-07-08
HIGH
7.8
Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
CVE-2025-47994
2025-07-08
HIGH
7.8
Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
CVE-2025-47993
2025-07-08
HIGH
7.8
Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.
CVE-2025-47991
2025-07-08
HIGH
7.8
Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.
CVE-2025-47988
2025-07-08
HIGH
7.5
Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over…
CVE-2025-47987
2025-07-08
HIGH
7.8
Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.
CVE-2025-47986
2025-07-08
HIGH
8.8
Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.
CVE-2025-47985
2025-07-08
HIGH
7.8
Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.
CVE-2025-47984
2025-07-08
HIGH
7.5
Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
CVE-2025-47982
2025-07-08
HIGH
7.8
Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-47981
2025-07-08
CRITICAL
9.8
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
CVE-2025-47980
2025-07-08
MEDIUM
6.2
Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
CVE-2025-47978
2025-07-08
MEDIUM
6.5
Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network.
CVE-2025-47976
2025-07-08
HIGH
7.8
Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-47975
2025-07-08
HIGH
7.0
Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-47973
2025-07-08
HIGH
7.8
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
CVE-2025-47972
2025-07-08
HIGH
8.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker…
CVE-2025-47971
2025-07-08
HIGH
7.8
Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.
CVE-2025-47178
2025-07-08
HIGH
8.0
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an authorized attacker…
CVE-2025-47159
2025-07-08
HIGH
7.8
Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-47109
2025-07-08
MEDIUM
5.5
After Effects versions 25.2, 24.6.6 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application…
CVE-2025-43587
2025-07-08
MEDIUM
5.5
After Effects versions 25.2, 24.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of…
CVE-2025-43580
2025-07-08
MEDIUM
5.5
Audition versions 25.2, 24.6.3 and earlier are affected by an Access of Memory Location After End of Buffer vulnerability that…
CVE-2025-33054
2025-07-08
HIGH
8.1
Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-3648
2025-07-08
N/A
0.0
A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain…
CVE-2025-26636
2025-07-08
MEDIUM
5.5
Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2025-21195
2025-07-08
MEDIUM
6.0
Improper link resolution before file access ('link following') in Service Fabric allows an authorized attacker to elevate privileges locally.
CVE-2025-21168
2025-07-08
MEDIUM
5.5
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of…
CVE-2025-21167
2025-07-08
MEDIUM
5.5
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of…
CVE-2025-21166
2025-07-08
HIGH
7.8
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code…
CVE-2025-21165
2025-07-08
HIGH
7.8
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code…
CVE-2025-21164
2025-07-08
HIGH
7.8
Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code…
CVE-2024-36357
2025-07-08
MEDIUM
5.6
A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially…
CVE-2024-36350
2025-07-08
MEDIUM
5.6
A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting…
CVE-2024-36349
2025-07-08
LOW
3.8
A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a…
CVE-2024-36348
2025-07-08
LOW
3.8
A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even…
CVE-2025-7148
2025-07-07
LOW
3.5
A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is…
CVE-2025-7147
2025-07-07
HIGH
7.3
A vulnerability has been found in CodeAstro Patient Record Management System 1.0 and classified as critical. Affected by this vulnerability…
CVE-2025-7144
2025-07-07
LOW
2.4
A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as problematic. This vulnerability affects unknown…
CVE-2025-7143
2025-07-07
LOW
2.4
A vulnerability, which was classified as problematic, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown…
CVE-2025-7142
2025-07-07
LOW
2.4
A vulnerability, which was classified as problematic, has been found in SourceCodester Best Salon Management System 1.0. Affected by this…
CVE-2025-53543
2025-07-07
MEDIUM
4.2
Kestra is an event-driven orchestration platform. The error message in execution "Overview" tab is vulnerable to stored XSS due to…
CVE-2025-53540
2025-07-07
N/A
0.0
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and…
CVE-2025-53539
2025-07-07
N/A
0.0
FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts.…
CVE-2025-53496
2025-07-07
MEDIUM
5.4
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - MediaSearch Extension…
« Anterior
Página 186 de 3483
Siguiente »
Page load link
Go to Top
