CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2026-25572 | 2026-03-10 | MEDIUM | 5.1 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK server component does not enforce maximum length checks on certain variables… |
| CVE-2026-25571 | 2026-03-10 | MEDIUM | 5.1 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK client component does not enforce maximum length checks on certain variables… |
| CVE-2026-25570 | 2026-03-10 | HIGH | 7.4 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). The SICAM SIAPP SDK does not perform checks on input values potentially resulting in stack… |
| CVE-2026-25569 | 2026-03-10 | HIGH | 7.4 | A vulnerability has been identified in SICAM SIAPP SDK (All versions < V2.1.7). An out-of-bounds write vulnerability exists in SICAM SIAPP SDK. This could allow an attacker to… |
| CVE-2026-25190 | 2026-03-10 | HIGH | 7.8 | Untrusted search path in Windows GDI allows an unauthorized attacker to execute code locally. |
| CVE-2026-25189 | 2026-03-10 | HIGH | 7.8 | Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. |
| CVE-2026-25188 | 2026-03-10 | HIGH | 8.8 | Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network. |
| CVE-2026-25187 | 2026-03-10 | HIGH | 7.8 | Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. |
| CVE-2026-25186 | 2026-03-10 | MEDIUM | 5.5 | Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally. |
| CVE-2026-25185 | 2026-03-10 | MEDIUM | 5.3 | Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2026-25181 | 2026-03-10 | HIGH | 7.5 | Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-25180 | 2026-03-10 | MEDIUM | 5.5 | Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally. |
| CVE-2026-25179 | 2026-03-10 | HIGH | 7.0 | Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-25178 | 2026-03-10 | HIGH | 7.0 | Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-25177 | 2026-03-10 | HIGH | 8.8 | Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-25176 | 2026-03-10 | HIGH | 7.8 | Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-25175 | 2026-03-10 | HIGH | 7.8 | Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally. |
| CVE-2026-25174 | 2026-03-10 | HIGH | 7.8 | Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally. |
| CVE-2026-25173 | 2026-03-10 | HIGH | 8.0 | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network. |
| CVE-2026-25172 | 2026-03-10 | HIGH | 8.8 | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| CVE-2026-25171 | 2026-03-10 | HIGH | 7.0 | Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. |
| CVE-2026-25170 | 2026-03-10 | HIGH | 7.0 | Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| CVE-2026-25169 | 2026-03-10 | MEDIUM | 6.2 | Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. |
| CVE-2026-25168 | 2026-03-10 | MEDIUM | 6.2 | Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. |
| CVE-2026-25167 | 2026-03-10 | HIGH | 7.4 | Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally. |
| CVE-2026-25166 | 2026-03-10 | HIGH | 7.8 | Deserialization of untrusted data in Windows System Image Manager allows an authorized attacker to execute code locally. |
| CVE-2026-25165 | 2026-03-10 | HIGH | 7.8 | Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally. |
| CVE-2026-24641 | 2026-03-10 | LOW | 2.7 | A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all… |
| CVE-2026-24640 | 2026-03-10 | MEDIUM | 6.6 | A Stack-based Buffer Overflow vulnerability [CWE-121] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0.2 through… |
| CVE-2026-24297 | 2026-03-10 | MEDIUM | 6.5 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kerberos allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2026-24296 | 2026-03-10 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-24295 | 2026-03-10 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. |
| CVE-2026-24294 | 2026-03-10 | HIGH | 7.8 | Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally. |
| CVE-2026-24293 | 2026-03-10 | HIGH | 7.8 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2026-24292 | 2026-03-10 | HIGH | 7.8 | Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-24291 | 2026-03-10 | HIGH | 7.8 | Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-24290 | 2026-03-10 | HIGH | 7.8 | Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally. |
| CVE-2026-24289 | 2026-03-10 | HIGH | 7.8 | Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| CVE-2026-24288 | 2026-03-10 | MEDIUM | 6.8 | Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack. |
| CVE-2026-24287 | 2026-03-10 | HIGH | 7.8 | External control of file name or path in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| CVE-2026-24285 | 2026-03-10 | HIGH | 7.0 | Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. |
| CVE-2026-24283 | 2026-03-10 | HIGH | 8.8 | Heap-based buffer overflow in Windows File Server allows an authorized attacker to elevate privileges locally. |
| CVE-2026-24282 | 2026-03-10 | MEDIUM | 5.5 | Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. |
| CVE-2026-24018 | 2026-03-10 | HIGH | 7.8 | A UNIX symbolic link (Symlink) following vulnerability in Fortinet FortiClientLinux 7.4.0 through 7.4.4, FortiClientLinux 7.2.2 through 7.2.12 may allow a local and unprivileged user to escalate their privileges… |
| CVE-2026-24017 | 2026-03-10 | HIGH | 8.1 | An Improper Control of Interaction Frequency vulnerability [CWE-799] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.5, FortiWeb 7.4.0 through 7.4.10, FortiWeb 7.2.0 through 7.2.11, FortiWeb… |
| CVE-2026-23907 | 2026-03-10 | MEDIUM | 5.3 | This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The ExtractEmbeddedFiles example contains a path traversal vulnerability (CWE-22) because the filename… |
| CVE-2026-23674 | 2026-03-10 | HIGH | 7.5 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2026-23673 | 2026-03-10 | HIGH | 7.8 | Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. |
| CVE-2026-23672 | 2026-03-10 | HIGH | 7.8 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| CVE-2026-23671 | 2026-03-10 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. |