CVE Vulnerabilities

Below is the list of the latest vulnerabilities published by NIST:

CVE ID Published Severity CVSS Description
CVE-2026-21283 2026-01-13 HIGH 7.8 Bridge versions 15.1.2, 16.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-21281 2026-01-13 HIGH 7.8 InCopy versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-21280 2026-01-13 HIGH 8.6 Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-21278 2026-01-13 MEDIUM 5.5 InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Out-of-bounds Read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to access…
CVE-2026-21277 2026-01-13 HIGH 7.8 InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current…
CVE-2026-21276 2026-01-13 HIGH 7.8 InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the…
CVE-2026-21275 2026-01-13 HIGH 7.8 InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the…
CVE-2026-21274 2026-01-13 HIGH 7.8 Dreamweaver Desktop versions 21.6 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. An…
CVE-2026-21272 2026-01-13 HIGH 8.6 Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system write. An attacker could leverage this vulnerability…
CVE-2026-21271 2026-01-13 HIGH 8.6 Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-21268 2026-01-13 HIGH 8.6 Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user.…
CVE-2026-21267 2026-01-13 HIGH 8.6 Dreamweaver Desktop versions 21.6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead in…
CVE-2026-21226 2026-01-13 HIGH 7.5 Deserialization of untrusted data in Azure Core shared client library for Python allows an authorized attacker to execute code over a network.
CVE-2025-68949 2026-01-13 MEDIUM 5.3 n8n is an open source workflow automation platform. From 1.36.0 to before 2.2.0, the Webhook node’s IP whitelist validation performed partial string matching instead of exact IP comparison.…
CVE-2025-68271 2026-01-13 CRITICAL 10.0 OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From 5.0.0 to 6.10.1, OpenC3 COSMOS contains a critical…
CVE-2026-21265 2026-01-13 MEDIUM 6.4 Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to…
CVE-2026-21224 2026-01-13 HIGH 7.8 Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-21221 2026-01-13 HIGH 7.0 Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-21219 2026-01-13 HIGH 7.0 Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2026-20965 2026-01-13 HIGH 7.5 Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally.
CVE-2026-20963 2026-01-13 HIGH 8.8 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-20962 2026-01-13 MEDIUM 4.4 Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally.
CVE-2026-20959 2026-01-13 MEDIUM 4.6 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-20958 2026-01-13 MEDIUM 5.4 Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
CVE-2026-20957 2026-01-13 HIGH 7.8 Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20956 2026-01-13 HIGH 7.8 Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20955 2026-01-13 HIGH 7.8 Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20953 2026-01-13 HIGH 8.4 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-20952 2026-01-13 HIGH 8.4 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-20951 2026-01-13 HIGH 7.8 Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
CVE-2026-20950 2026-01-13 HIGH 7.8 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20949 2026-01-13 HIGH 7.8 Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-20948 2026-01-13 HIGH 7.8 Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-20947 2026-01-13 HIGH 8.8 Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-20946 2026-01-13 HIGH 7.8 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-20944 2026-01-13 HIGH 8.4 Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-20943 2026-01-13 HIGH 7.0 Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-20941 2026-01-13 HIGH 7.8 Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
CVE-2026-20940 2026-01-13 HIGH 7.8 Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-20939 2026-01-13 MEDIUM 5.5 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-20938 2026-01-13 HIGH 7.8 Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2026-20937 2026-01-13 MEDIUM 5.5 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-20936 2026-01-13 MEDIUM 4.3 Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.
CVE-2026-20935 2026-01-13 MEDIUM 6.2 Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an unauthorized attacker to disclose information locally.
CVE-2026-20934 2026-01-13 HIGH 7.5 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-20932 2026-01-13 MEDIUM 5.5 Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally.
CVE-2026-20931 2026-01-13 HIGH 8.0 External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
CVE-2026-20929 2026-01-13 HIGH 7.5 Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.
CVE-2026-20927 2026-01-13 MEDIUM 5.3 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network.
CVE-2026-20926 2026-01-13 HIGH 7.5 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.