CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-23655 2026-02-10 MEDIUM 6.5 Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.
CVE-2026-21537 2026-02-10 HIGH 8.8 Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.
CVE-2026-21531 2026-02-10 CRITICAL 9.8 Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.
CVE-2026-21529 2026-02-10 MEDIUM 5.7 Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsights allows an authorized attacker to perform spoofing over a network.
CVE-2026-21528 2026-02-10 MEDIUM 6.5 Binding to an unrestricted ip address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network.
CVE-2026-21527 2026-02-10 MEDIUM 6.5 User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-21523 2026-02-10 HIGH 8.0 Time-of-check time-of-use (toctou) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.
CVE-2026-21522 2026-02-10 MEDIUM 6.7 Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.
CVE-2026-21518 2026-02-10 MEDIUM 6.5 Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over…
CVE-2026-21516 2026-02-10 HIGH 8.8 Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot allows an unauthorized attacker to execute code over a network.
CVE-2026-21512 2026-02-10 MEDIUM 6.5 Server-side request forgery (ssrf) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.
CVE-2026-21511 2026-02-10 HIGH 7.5 Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-21508 2026-02-10 HIGH 7.0 Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.
CVE-2026-21358 2026-02-10 MEDIUM 5.5 InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in application denial-of-service. An attacker could exploit this vulnerability to…
CVE-2026-21357 2026-02-10 HIGH 7.8 InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2026-21332 2026-02-10 MEDIUM 5.5 InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose…
CVE-2026-21261 2026-02-10 MEDIUM 5.5 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-21260 2026-02-10 HIGH 7.5 Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-21259 2026-02-10 HIGH 7.8 Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
CVE-2026-21258 2026-02-10 MEDIUM 5.5 Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-21257 2026-02-10 HIGH 8.0 Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
CVE-2026-21256 2026-02-10 HIGH 8.8 Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
CVE-2026-21255 2026-02-10 HIGH 8.8 Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.
CVE-2026-21253 2026-02-10 HIGH 7.0 Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.
CVE-2026-21251 2026-02-10 HIGH 7.8 Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.
CVE-2026-21250 2026-02-10 HIGH 7.8 Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-21249 2026-02-10 LOW 3.3 External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
CVE-2026-21248 2026-02-10 HIGH 7.3 Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21247 2026-02-10 HIGH 7.3 Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21246 2026-02-10 HIGH 7.8 Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-21245 2026-02-10 HIGH 7.8 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-21244 2026-02-10 HIGH 7.3 Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.
CVE-2026-21243 2026-02-10 HIGH 7.5 Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.
CVE-2026-21242 2026-02-10 HIGH 7.0 Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
CVE-2026-21241 2026-02-10 HIGH 7.0 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-21240 2026-02-10 HIGH 7.8 Time-of-check time-of-use (toctou) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-21239 2026-02-10 HIGH 7.8 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-21238 2026-02-10 HIGH 7.8 Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-21237 2026-02-10 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.
CVE-2026-21236 2026-02-10 HIGH 7.8 Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-21235 2026-02-10 HIGH 7.3 Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2026-21234 2026-02-10 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVE-2026-21232 2026-02-10 HIGH 7.8 Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.
CVE-2026-21231 2026-02-10 HIGH 7.8 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-21229 2026-02-10 HIGH 8.0 Improper input validation in Power BI allows an authorized attacker to execute code over a network.
CVE-2026-21228 2026-02-10 HIGH 8.1 Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.
CVE-2026-21222 2026-02-10 MEDIUM 5.5 Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-21218 2026-02-10 HIGH 7.5 Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-20846 2026-02-10 HIGH 7.5 Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
CVE-2026-1997 2026-02-10 N/A 0.0 Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing (CORS) is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by…