Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2026-27931
2026-04-14
MEDIUM
5.5
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
CVE-2026-27930
2026-04-14
MEDIUM
5.5
Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally.
CVE-2026-27929
2026-04-14
HIGH
7.0
Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally.
CVE-2026-27928
2026-04-14
HIGH
8.7
Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-27927
2026-04-14
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-27926
2026-04-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-27925
2026-04-14
MEDIUM
6.5
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network.
CVE-2026-27924
2026-04-14
HIGH
7.8
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-27923
2026-04-14
HIGH
7.8
Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-27922
2026-04-14
HIGH
7.0
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-27921
2026-04-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
CVE-2026-27920
2026-04-14
HIGH
7.8
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27919
2026-04-14
HIGH
7.8
Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27918
2026-04-14
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Shell allows an authorized attacker to elevate privileges locally.
CVE-2026-27917
2026-04-14
HIGH
7.0
Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally.
CVE-2026-27916
2026-04-14
HIGH
7.8
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27915
2026-04-14
HIGH
7.8
Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally.
CVE-2026-27914
2026-04-14
HIGH
7.8
Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally.
CVE-2026-27913
2026-04-14
HIGH
7.7
Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-27912
2026-04-14
HIGH
8.0
Improper authorization in Windows Kerberos allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2026-27911
2026-04-14
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
CVE-2026-27910
2026-04-14
HIGH
7.8
Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.
CVE-2026-27909
2026-04-14
HIGH
7.8
Use after free in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally.
CVE-2026-27908
2026-04-14
HIGH
7.0
Use after free in Windows TDI Translation Driver (tdx.sys) allows an authorized attacker to elevate privileges locally.
CVE-2026-27907
2026-04-14
HIGH
7.8
Integer underflow (wrap or wraparound) in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
CVE-2026-27906
2026-04-14
MEDIUM
4.4
Improper input validation in Windows Hello allows an authorized attacker to bypass a security feature locally.
CVE-2026-27303
2026-04-14
CRITICAL
9.6
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the…
CVE-2026-27258
2026-04-14
MEDIUM
5.5
DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to corrupt…
CVE-2026-27246
2026-04-14
CRITICAL
9.3
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to…
CVE-2026-27245
2026-04-14
CRITICAL
9.3
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a…
CVE-2026-27243
2026-04-14
CRITICAL
9.3
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a…
CVE-2026-26184
2026-04-14
HIGH
7.8
Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally.
CVE-2026-26183
2026-04-14
HIGH
7.8
Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally.
CVE-2026-26182
2026-04-14
HIGH
7.0
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-26181
2026-04-14
HIGH
7.8
Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
CVE-2026-26180
2026-04-14
HIGH
7.8
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26179
2026-04-14
HIGH
7.8
Double free in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-26178
2026-04-14
HIGH
8.8
Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally.
CVE-2026-26177
2026-04-14
HIGH
7.0
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-26176
2026-04-14
HIGH
7.8
Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally.
CVE-2026-26175
2026-04-14
MEDIUM
4.6
Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2026-26174
2026-04-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally.
CVE-2026-26173
2026-04-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-26172
2026-04-14
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-26171
2026-04-14
HIGH
7.5
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-26170
2026-04-14
HIGH
7.8
Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.
CVE-2026-26169
2026-04-14
MEDIUM
6.1
Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.
CVE-2026-26168
2026-04-14
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-26167
2026-04-14
HIGH
8.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
CVE-2026-26166
2026-04-14
HIGH
7.0
Double free in Windows Shell allows an authorized attacker to elevate privileges locally.
« Anterior
Página 296 de 4463
Siguiente »
Page load link
Go to Top
