Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Todo el contenido
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-59202
2025-10-14
HIGH
7.0
Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.
CVE-2025-59201
2025-10-14
HIGH
7.8
Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.
CVE-2025-59200
2025-10-14
HIGH
7.7
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.
CVE-2025-59199
2025-10-14
HIGH
7.8
Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.
CVE-2025-59198
2025-10-14
MEDIUM
5.0
Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
CVE-2025-59197
2025-10-14
MEDIUM
5.5
Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.
CVE-2025-59196
2025-10-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59195
2025-10-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally.
CVE-2025-59194
2025-10-14
HIGH
7.0
Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-59193
2025-10-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2025-59192
2025-10-14
HIGH
7.8
Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-59191
2025-10-14
HIGH
7.8
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2025-59190
2025-10-14
MEDIUM
5.5
Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally.
CVE-2025-59189
2025-10-14
HIGH
7.4
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
CVE-2025-59188
2025-10-14
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally.
CVE-2025-59187
2025-10-14
HIGH
7.8
Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-59186
2025-10-14
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2025-59185
2025-10-14
MEDIUM
6.5
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59184
2025-10-14
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally.
CVE-2025-58739
2025-10-14
MEDIUM
6.5
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-58738
2025-10-14
HIGH
7.0
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58737
2025-10-14
HIGH
7.0
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.
CVE-2025-58736
2025-10-14
HIGH
7.0
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58735
2025-10-14
HIGH
7.0
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58734
2025-10-14
HIGH
7.0
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58733
2025-10-14
HIGH
7.0
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58732
2025-10-14
HIGH
7.0
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58731
2025-10-14
HIGH
7.0
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58730
2025-10-14
HIGH
7.0
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58729
2025-10-14
MEDIUM
6.5
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CVE-2025-58728
2025-10-14
HIGH
7.8
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-58727
2025-10-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.
CVE-2025-58726
2025-10-14
HIGH
7.5
Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-58725
2025-10-14
HIGH
7.0
Heap-based buffer overflow in Windows COM allows an authorized attacker to elevate privileges locally.
CVE-2025-58724
2025-10-14
HIGH
7.8
Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-58722
2025-10-14
HIGH
7.8
Heap-based buffer overflow in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2025-58720
2025-10-14
HIGH
7.8
Use of a cryptographic primitive with a risky implementation in Windows Cryptographic Services allows an authorized attacker to disclose information locally.
CVE-2025-58719
2025-10-14
MEDIUM
4.7
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2025-58718
2025-10-14
HIGH
8.8
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2025-58717
2025-10-14
MEDIUM
6.5
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-58716
2025-10-14
HIGH
8.8
Improper input validation in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-58715
2025-10-14
HIGH
8.8
Integer overflow or wraparound in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
CVE-2025-58714
2025-10-14
HIGH
7.8
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-55701
2025-10-14
HIGH
7.8
Improper validation of specified type of input in Microsoft Windows allows an authorized attacker to elevate privileges locally.
CVE-2025-55700
2025-10-14
MEDIUM
6.5
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
CVE-2025-55699
2025-10-14
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2025-55698
2025-10-14
HIGH
7.7
Null pointer dereference in Windows DirectX allows an authorized attacker to deny service over a network.
CVE-2025-55697
2025-10-14
HIGH
7.8
Heap-based buffer overflow in Azure Local allows an authorized attacker to elevate privileges locally.
CVE-2025-55696
2025-10-14
HIGH
7.8
Time-of-check time-of-use (toctou) race condition in NtQueryInformation Token function (ntifs.h) allows an authorized attacker to elevate privileges locally.
CVE-2025-55695
2025-10-14
MEDIUM
5.5
Out-of-bounds read in Windows WLAN Auto Config Service allows an authorized attacker to disclose information locally.
« Anterior
Página 378 de 3934
Siguiente »
Page load link
Go to Top
