Skip to content
Toggle Navigation
ISO/IEC 27001
Introducción a ISO 27001
Requisitos Normativos
ISO 27001 – GAP Analysis (Tool)
Concientización
Todos el contenido
Ciberseguridad
Introducción a la ciberseguridad
Defensa de sistemas informáticos
Amenazas y tendencias
Eventos de ciberseguridad
Glosario
Vulnerabilidades CVE
Todos el contenido
Desarrollo seguro (SDLC)
Desarrollo de software seguro
Normativa y Leyes
Leyes de protección de datos
Agencias nacionales de ciberseguridad
Noticias
Contacto
Vulnerabilidades CVE
Vulnerabilidades CVE
drmunozcl
2025-06-04T18:44:58-04:00
Vulnerabilidades CVE
A continuación la lista de las últimas vulnerabilidades publicadas por el instituto NIST:
Severidad:
Todas
NONE
LOW
MEDIUM
HIGH
CRITICAL
UNKNOWN
CVE:
Aplicar
Borrar filtros
CVE ID
Publicado
Severidad
CVSS
Descripción
CVE-2025-59234
2025-10-14
HIGH
7.8
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-59233
2025-10-14
HIGH
7.8
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59232
2025-10-14
HIGH
7.1
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-59231
2025-10-14
HIGH
7.8
Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59229
2025-10-14
MEDIUM
5.5
Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.
CVE-2025-59228
2025-10-14
HIGH
8.8
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-59227
2025-10-14
HIGH
7.8
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-59226
2025-10-14
HIGH
7.8
Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.
CVE-2025-59225
2025-10-14
HIGH
7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59224
2025-10-14
HIGH
7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59223
2025-10-14
HIGH
7.8
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59222
2025-10-14
HIGH
7.8
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-59221
2025-10-14
HIGH
7.0
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-59214
2025-10-14
MEDIUM
6.5
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59213
2025-10-14
HIGH
8.4
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally.
CVE-2025-59211
2025-10-14
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
CVE-2025-59210
2025-10-14
HIGH
7.4
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
CVE-2025-59209
2025-10-14
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows Push Notification Core allows an authorized attacker to disclose information locally.
CVE-2025-59208
2025-10-14
HIGH
7.1
Out-of-bounds read in Windows MapUrlToZone allows an unauthorized attacker to disclose information over a network.
CVE-2025-59207
2025-10-14
HIGH
7.8
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-59206
2025-10-14
HIGH
7.4
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
CVE-2025-59205
2025-10-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
CVE-2025-59204
2025-10-14
MEDIUM
5.5
Use of uninitialized resource in Windows Management Services allows an authorized attacker to disclose information locally.
CVE-2025-59203
2025-10-14
MEDIUM
5.5
Insertion of sensitive information into log file in Windows StateRepository API allows an authorized attacker to disclose information locally.
CVE-2025-59202
2025-10-14
HIGH
7.0
Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.
CVE-2025-59201
2025-10-14
HIGH
7.8
Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally.
CVE-2025-59200
2025-10-14
HIGH
7.7
Concurrent execution using shared resource with improper synchronization ('race condition') in Data Sharing Service Client allows an unauthorized attacker to perform spoofing locally.
CVE-2025-59199
2025-10-14
HIGH
7.8
Improper access control in Software Protection Platform (SPP) allows an authorized attacker to elevate privileges locally.
CVE-2025-59198
2025-10-14
MEDIUM
5.0
Improper input validation in Microsoft Windows Search Component allows an authorized attacker to deny service locally.
CVE-2025-59197
2025-10-14
MEDIUM
5.5
Insertion of sensitive information into log file in Windows ETL Channel allows an authorized attacker to disclose information locally.
CVE-2025-59196
2025-10-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally.
CVE-2025-59195
2025-10-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to deny service locally.
CVE-2025-59194
2025-10-14
HIGH
7.0
Use of uninitialized resource in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-59193
2025-10-14
HIGH
7.0
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
CVE-2025-59192
2025-10-14
HIGH
7.8
Buffer over-read in Storport.sys Driver allows an authorized attacker to elevate privileges locally.
CVE-2025-59191
2025-10-14
HIGH
7.8
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
CVE-2025-59190
2025-10-14
MEDIUM
5.5
Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally.
CVE-2025-59189
2025-10-14
HIGH
7.4
Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.
CVE-2025-59188
2025-10-14
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows Failover Cluster allows an authorized attacker to disclose information locally.
CVE-2025-59187
2025-10-14
HIGH
7.8
Improper input validation in Windows Kernel allows an authorized attacker to elevate privileges locally.
CVE-2025-59186
2025-10-14
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
CVE-2025-59185
2025-10-14
MEDIUM
6.5
External control of file name or path in Windows Core Shell allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59184
2025-10-14
MEDIUM
5.5
Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally.
CVE-2025-58739
2025-10-14
MEDIUM
6.5
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-58738
2025-10-14
HIGH
7.0
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58737
2025-10-14
HIGH
7.0
Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally.
CVE-2025-58736
2025-10-14
HIGH
7.0
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58735
2025-10-14
HIGH
7.0
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58734
2025-10-14
HIGH
7.0
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
CVE-2025-58733
2025-10-14
HIGH
7.0
Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally.
« Anterior
Página 87 de 3644
Siguiente »
Page load link
Go to Top
