Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Concientización
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-60536
2025-10-14
HIGH
7.5
An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration file.
CVE-2025-57618
2025-10-14
HIGH
7.3
A path traversal vulnerability in FastX3 thru 3.3.67 allows an unauthenticated attacker to read arbitrary files on the server. By leveraging this vulnerability, it is possible to access…
CVE-2025-57563
2025-10-14
MEDIUM
6.5
A path traversal in StarNet Communications Corporation FastX v.4 through v4.1.51 allows unauthenticated attackers to read arbitrary files.
CVE-2025-23356
2025-10-14
HIGH
8.4
NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information…
CVE-2025-11736
2025-10-14
HIGH
7.3
A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of the argument…
CVE-2025-60535
2025-10-14
HIGH
7.3
A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET request.
CVE-2025-59502
2025-10-14
HIGH
7.5
Uncontrolled resource consumption in Windows Remote Procedure Call allows an unauthorized attacker to deny service over a network.
CVE-2025-59497
2025-10-14
HIGH
7.0
Time-of-check time-of-use (toctou) race condition in Microsoft Defender for Linux allows an authorized attacker to deny service locally.
CVE-2025-59494
2025-10-14
HIGH
7.8
Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-59295
2025-10-14
HIGH
8.8
Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.
CVE-2025-59294
2025-10-14
LOW
2.1
Exposure of sensitive information to an unauthorized actor in Windows Taskbar Live allows an unauthorized attacker to disclose information with a physical attack.
CVE-2025-59292
2025-10-14
HIGH
8.2
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
CVE-2025-59291
2025-10-14
HIGH
8.2
External control of file name or path in Confidential Azure Container Instances allows an authorized attacker to elevate privileges locally.
CVE-2025-59290
2025-10-14
HIGH
7.8
Use after free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59289
2025-10-14
HIGH
7.0
Double free in Windows Bluetooth Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59288
2025-10-14
MEDIUM
5.3
Improper verification of cryptographic signature in GitHub allows an unauthorized attacker to perform spoofing over an adjacent network.
CVE-2025-59287
2025-10-14
CRITICAL
9.8
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
CVE-2025-59285
2025-10-14
HIGH
7.0
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-59284
2025-10-14
LOW
3.3
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing locally.
CVE-2025-59282
2025-10-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-59281
2025-10-14
HIGH
7.8
Improper link resolution before file access ('link following') in XBox Gaming Services allows an authorized attacker to elevate privileges locally.
CVE-2025-59280
2025-10-14
LOW
3.1
Improper authentication in Windows SMB Client allows an unauthorized attacker to perform tampering over a network.
CVE-2025-59278
2025-10-14
HIGH
7.8
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CVE-2025-59277
2025-10-14
HIGH
7.8
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CVE-2025-59275
2025-10-14
HIGH
7.8
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
CVE-2025-59261
2025-10-14
HIGH
7.0
Time-of-check time-of-use (toctou) race condition in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-59260
2025-10-14
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Microsoft Failover Cluster Virtual Driver allows an authorized attacker to disclose information locally.
CVE-2025-59259
2025-10-14
MEDIUM
6.5
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CVE-2025-59258
2025-10-14
MEDIUM
6.2
Insertion of sensitive information into log file in Active Directory Federation Services allows an unauthorized attacker to disclose information locally.
CVE-2025-59257
2025-10-14
MEDIUM
6.5
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network.
CVE-2025-59255
2025-10-14
HIGH
7.8
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-59254
2025-10-14
HIGH
7.8
Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
CVE-2025-59253
2025-10-14
MEDIUM
5.5
Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
CVE-2025-59250
2025-10-14
HIGH
8.1
Improper input validation in JDBC Driver for SQL Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59249
2025-10-14
HIGH
8.8
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVE-2025-59248
2025-10-14
HIGH
7.5
Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59244
2025-10-14
MEDIUM
6.5
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59243
2025-10-14
HIGH
7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59242
2025-10-14
HIGH
7.8
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVE-2025-59241
2025-10-14
HIGH
7.8
Improper link resolution before file access ('link following') in Windows Health and Optimized Experiences Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59238
2025-10-14
HIGH
7.8
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-59237
2025-10-14
HIGH
8.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-59236
2025-10-14
HIGH
8.4
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59235
2025-10-14
HIGH
7.1
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-59234
2025-10-14
HIGH
7.8
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-59233
2025-10-14
HIGH
7.8
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59232
2025-10-14
HIGH
7.1
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-59231
2025-10-14
HIGH
7.8
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59229
2025-10-14
MEDIUM
5.5
Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.
CVE-2025-59228
2025-10-14
HIGH
8.8
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
« Anterior
Página 86 de 3643
Siguiente »
Page load link
Go to Top
