Skip to content
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Toggle Navigation
Kit ISO 27001
Ingeniería y Consultoría
Recursos
ISO 27001
ISO 27001 – GAP Analysis Tool
Ciberseguridad
Vulnerabilidades CVE
Blog
Contacto
Obtener el Toolkit
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2026-20925
2026-01-13
MEDIUM
6.5
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-20924
2026-01-13
HIGH
7.8
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20923
2026-01-13
HIGH
7.8
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20922
2026-01-13
HIGH
7.8
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-20921
2026-01-13
HIGH
7.5
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-20920
2026-01-13
HIGH
7.8
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-20919
2026-01-13
HIGH
7.5
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-20918
2026-01-13
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20877
2026-01-13
HIGH
7.8
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20876
2026-01-13
MEDIUM
6.7
Heap-based buffer overflow in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2026-20875
2026-01-13
HIGH
7.5
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
CVE-2026-20874
2026-01-13
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20873
2026-01-13
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20872
2026-01-13
MEDIUM
6.5
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-20871
2026-01-13
HIGH
7.8
Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.
CVE-2026-20870
2026-01-13
HIGH
7.8
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-20869
2026-01-13
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally.
CVE-2026-20868
2026-01-13
HIGH
8.8
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2026-20867
2026-01-13
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20866
2026-01-13
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20865
2026-01-13
HIGH
7.8
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20864
2026-01-13
HIGH
7.8
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2026-20863
2026-01-13
HIGH
7.0
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
CVE-2026-20862
2026-01-13
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows Management Services allows an authorized attacker to disclose information locally.
CVE-2026-20861
2026-01-13
HIGH
7.8
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20860
2026-01-13
HIGH
7.8
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2026-20859
2026-01-13
HIGH
7.8
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
CVE-2026-20858
2026-01-13
HIGH
7.8
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2026-20857
2026-01-13
HIGH
7.8
Untrusted pointer dereference in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
CVE-2026-20856
2026-01-13
HIGH
8.1
Improper input validation in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVE-2026-20854
2026-01-13
HIGH
7.5
Use after free in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to execute code over a network.
CVE-2026-20853
2026-01-13
HIGH
7.4
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows WalletService allows an unauthorized attacker to elevate privileges locally.
CVE-2026-20852
2026-01-13
HIGH
7.7
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.
CVE-2026-20851
2026-01-13
MEDIUM
6.2
Out-of-bounds read in Capability Access Management Service (camsvc) allows an unauthorized attacker to disclose information locally.
CVE-2026-20849
2026-01-13
HIGH
7.5
Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
CVE-2026-20848
2026-01-13
HIGH
7.5
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-20847
2026-01-13
MEDIUM
6.5
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to perform spoofing over a network.
CVE-2026-20844
2026-01-13
HIGH
7.4
Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.
CVE-2026-20843
2026-01-13
HIGH
7.8
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
CVE-2026-20842
2026-01-13
HIGH
7.0
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
CVE-2026-20840
2026-01-13
HIGH
7.8
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
CVE-2026-20839
2026-01-13
MEDIUM
5.5
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to disclose information locally.
CVE-2026-20838
2026-01-13
MEDIUM
5.5
Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2026-20837
2026-01-13
HIGH
7.8
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
CVE-2026-20836
2026-01-13
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-20835
2026-01-13
MEDIUM
5.5
Out-of-bounds read in Capability Access Management Service (camsvc) allows an authorized attacker to disclose information locally.
CVE-2026-20834
2026-01-13
MEDIUM
4.6
Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.
CVE-2026-20833
2026-01-13
MEDIUM
5.5
Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.
CVE-2026-20832
2026-01-13
HIGH
7.8
Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability
CVE-2026-20831
2026-01-13
HIGH
7.8
Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
« Anterior
Página 436 de 4266
Siguiente »
Page load link
Go to Top
