Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-59284
2025-10-14
LOW
3.3
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
CVE-2025-59282
2025-10-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-59281
2025-10-14
HIGH
7.8
Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally.
CVE-2025-59280
2025-10-14
LOW
3.1
Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.
CVE-2025-59278
2025-10-14
HIGH
7.8
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CVE-2025-59277
2025-10-14
HIGH
7.8
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CVE-2025-59275
2025-10-14
HIGH
7.8
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CVE-2025-59261
2025-10-14
HIGH
7.0
Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-59260
2025-10-14
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.
CVE-2025-59259
2025-10-14
MEDIUM
6.5
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CVE-2025-59258
2025-10-14
MEDIUM
6.2
Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.
CVE-2025-59257
2025-10-14
MEDIUM
6.5
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CVE-2025-59255
2025-10-14
HIGH
7.8
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-59254
2025-10-14
HIGH
7.8
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-59253
2025-10-14
MEDIUM
5.5
Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
CVE-2025-59250
2025-10-14
HIGH
8.1
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59249
2025-10-14
HIGH
8.8
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-59248
2025-10-14
HIGH
7.5
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59244
2025-10-14
MEDIUM
6.5
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59243
2025-10-14
HIGH
7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59242
2025-10-14
HIGH
7.8
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-59241
2025-10-14
HIGH
7.8
Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59238
2025-10-14
HIGH
7.8
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-59237
2025-10-14
HIGH
8.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-59236
2025-10-14
HIGH
8.4
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59235
2025-10-14
HIGH
7.1
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-59234
2025-10-14
HIGH
7.8
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-59233
2025-10-14
HIGH
7.8
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59232
2025-10-14
HIGH
7.1
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-59231
2025-10-14
HIGH
7.8
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59229
2025-10-14
MEDIUM
5.5
Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.
CVE-2025-59228
2025-10-14
HIGH
8.8
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-59227
2025-10-14
HIGH
7.8
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-59226
2025-10-14
HIGH
7.8
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
CVE-2025-59225
2025-10-14
HIGH
7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59224
2025-10-14
HIGH
7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59223
2025-10-14
HIGH
7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59222
2025-10-14
HIGH
7.8
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-59221
2025-10-14
HIGH
7.0
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-59214
2025-10-14
MEDIUM
6.5
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59213
2025-10-14
HIGH
8.4
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally.
CVE-2025-59211
2025-10-14
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
CVE-2025-59210
2025-10-14
HIGH
7.4
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
CVE-2025-59209
2025-10-14
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
CVE-2025-59208
2025-10-14
HIGH
7.1
Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network.
CVE-2025-59207
2025-10-14
HIGH
7.8
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-59206
2025-10-14
HIGH
7.4
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
CVE-2025-59205
2025-10-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-59204
2025-10-14
MEDIUM
5.5
Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.
CVE-2025-59203
2025-10-14
MEDIUM
5.5
Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.
« Anterior
Página 377 de 3934
Siguiente »
Page load link
Go to Top
