CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
|---|---|---|---|---|
| CVE-2025-54900 | 2025-09-09 | HIGH | 7.8 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-54899 | 2025-09-09 | HIGH | 7.8 | Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-54898 | 2025-09-09 | HIGH | 7.8 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-54897 | 2025-09-09 | HIGH | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2025-54896 | 2025-09-09 | HIGH | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-54895 | 2025-09-09 | HIGH | 7.8 | Integer overflow or wraparound in Windows SPNEGO Extended Negotiation allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54894 | 2025-09-09 | HIGH | 7.8 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
| CVE-2025-54709 | 2025-09-09 | HIGH | 8.1 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in uxper Sala. This issue affects Sala: from n/a through 1.1.6. |
| CVE-2025-54261 | 2025-09-09 | CRITICAL | 9.0 | ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary… |
| CVE-2025-54252 | 2025-09-09 | MEDIUM | 5.4 | Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts… |
| CVE-2025-54251 | 2025-09-09 | MEDIUM | 4.3 | Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this… |
| CVE-2025-54250 | 2025-09-09 | MEDIUM | 4.9 | Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage… |
| CVE-2025-54249 | 2025-09-09 | MEDIUM | 6.5 | Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could… |
| CVE-2025-54248 | 2025-09-09 | HIGH | 7.7 | Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage… |
| CVE-2025-54247 | 2025-09-09 | MEDIUM | 6.5 | Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage… |
| CVE-2025-54246 | 2025-09-09 | MEDIUM | 6.5 | Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this… |
| CVE-2025-54116 | 2025-09-09 | HIGH | 7.3 | Improper access control in Windows MultiPoint Services allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54115 | 2025-09-09 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54114 | 2025-09-09 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to deny service locally. |
| CVE-2025-54113 | 2025-09-09 | HIGH | 8.8 | Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| CVE-2025-54112 | 2025-09-09 | HIGH | 7.0 | Use after free in Microsoft Virtual Hard Drive allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54111 | 2025-09-09 | HIGH | 7.8 | Use after free in Windows UI XAML Phone DatePickerFlyout allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54110 | 2025-09-09 | HIGH | 8.8 | Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54109 | 2025-09-09 | MEDIUM | 6.7 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54108 | 2025-09-09 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54107 | 2025-09-09 | MEDIUM | 4.3 | Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network. |
| CVE-2025-54106 | 2025-09-09 | HIGH | 8.8 | Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. |
| CVE-2025-54105 | 2025-09-09 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54104 | 2025-09-09 | MEDIUM | 6.7 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54103 | 2025-09-09 | HIGH | 7.4 | Use after free in Windows Management Services allows an unauthorized attacker to elevate privileges locally. |
| CVE-2025-54102 | 2025-09-09 | HIGH | 7.8 | Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54101 | 2025-09-09 | MEDIUM | 4.8 | Use after free in Windows SMBv3 Client allows an authorized attacker to execute code over a network. |
| CVE-2025-54099 | 2025-09-09 | HIGH | 7.0 | Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54098 | 2025-09-09 | HIGH | 7.8 | Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54097 | 2025-09-09 | MEDIUM | 6.5 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-54096 | 2025-09-09 | MEDIUM | 6.5 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-54095 | 2025-09-09 | MEDIUM | 6.5 | Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-54094 | 2025-09-09 | MEDIUM | 6.7 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54093 | 2025-09-09 | HIGH | 7.0 | Time-of-check time-of-use (toctou) race condition in Windows TCP/IP allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54092 | 2025-09-09 | HIGH | 7.8 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| CVE-2025-54091 | 2025-09-09 | HIGH | 7.8 | Integer overflow or wraparound in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53810 | 2025-09-09 | MEDIUM | 6.7 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53809 | 2025-09-09 | MEDIUM | 6.5 | Improper input validation in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network. |
| CVE-2025-53808 | 2025-09-09 | MEDIUM | 6.7 | Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53807 | 2025-09-09 | HIGH | 7.0 | Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53806 | 2025-09-09 | MEDIUM | 6.5 | Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-53805 | 2025-09-09 | HIGH | 7.5 | Out-of-bounds read in Windows Internet Information Services allows an unauthorized attacker to deny service over a network. |
| CVE-2025-53804 | 2025-09-09 | MEDIUM | 5.5 | Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. |
| CVE-2025-53803 | 2025-09-09 | MEDIUM | 5.5 | Generation of error message containing sensitive information in Windows Kernel allows an authorized attacker to disclose information locally. |
| CVE-2025-53802 | 2025-09-09 | HIGH | 7.0 | Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally. |