Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Todos los artículos
Vulnerabilidades CVE
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Filtrar por severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
Filtrar
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-33075
2025-06-10
HIGH
7.8
Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2025-33073
2025-06-10
HIGH
8.8
Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
CVE-2025-33071
2025-06-10
HIGH
8.1
Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.
CVE-2025-33070
2025-06-10
HIGH
8.1
Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-33069
2025-06-10
MEDIUM
5.1
Improper verification of cryptographic signature in App Control for Business (WDAC) allows an unauthorized attacker to bypass a security feature…
CVE-2025-33068
2025-06-10
HIGH
7.5
Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.
CVE-2025-33067
2025-06-10
HIGH
8.4
Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.
CVE-2025-33066
2025-06-10
HIGH
8.8
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a…
CVE-2025-33065
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33064
2025-06-10
HIGH
8.8
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a…
CVE-2025-33063
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33062
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33061
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33060
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33059
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33058
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33057
2025-06-10
MEDIUM
6.5
Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.
CVE-2025-33056
2025-06-10
HIGH
7.5
Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.
CVE-2025-33055
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-33052
2025-06-10
MEDIUM
5.5
Use of uninitialized resource in Windows DWM Core Library allows an authorized attacker to disclose information locally.
CVE-2025-33050
2025-06-10
HIGH
7.5
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
CVE-2025-32725
2025-06-10
HIGH
7.5
Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
CVE-2025-32724
2025-06-10
HIGH
7.5
Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a…
CVE-2025-32722
2025-06-10
MEDIUM
5.5
Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.
CVE-2025-32721
2025-06-10
HIGH
7.3
Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-32720
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-32719
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-32718
2025-06-10
HIGH
7.8
Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.
CVE-2025-32716
2025-06-10
HIGH
7.8
Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.
CVE-2025-32715
2025-06-10
MEDIUM
6.5
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
CVE-2025-32714
2025-06-10
HIGH
7.8
Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2025-32713
2025-06-10
HIGH
7.8
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-32712
2025-06-10
HIGH
7.8
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
CVE-2025-32710
2025-06-10
HIGH
8.1
Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
CVE-2025-31104
2025-06-10
HIGH
7.2
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiADC 7.6.0 through…
CVE-2025-30321
2025-06-10
MEDIUM
5.5
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application…
CVE-2025-30317
2025-06-10
HIGH
7.8
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary…
CVE-2025-29828
2025-06-10
HIGH
8.1
Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a…
CVE-2025-25250
2025-06-10
MEDIUM
4.3
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS version 7.6.0, version 7.4.7 and below, 7.2…
CVE-2025-24471
2025-06-10
MEDIUM
6.5
An Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified…
CVE-2025-24069
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-24068
2025-06-10
MEDIUM
5.5
Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-24065
2025-06-10
MEDIUM
5.5
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.
CVE-2025-22256
2025-06-10
MEDIUM
6.3
A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0…
CVE-2025-22254
2025-06-10
MEDIUM
6.6
An Improper Privilege Management vulnerability [CWE-269] affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0…
CVE-2025-22251
2025-06-10
LOW
3.1
An improper restriction of communication channel to intended endpoints vulnerability [CWE-923] in FortiOS 7.6.0, 7.4.0 through 7.4.5, 7.2 all versions,…
CVE-2024-57189
2025-06-10
N/A
0.0
In Erxes
CVE-2024-57186
2025-06-10
N/A
0.0
In Erxes
CVE-2024-54019
2025-06-10
MEDIUM
4.8
A improper validation of certificate with host mismatch in Fortinet FortiClientWindows version 7.4.0, versions 7.2.0 through 7.2.6, and 7.0 all…
CVE-2024-50568
2025-06-10
MEDIUM
5.9
A channel accessible by non-endpoint vulnerability [CWE-300] in Fortinet FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7 and before 7.0.14…
« Anterior
Página 269 de 3495
Siguiente »
Page load link
Go to Top
