CVE Vulnerabilities
drmunozcl
2025-06-04T18:44:58-04:00
Below is the list of the latest vulnerabilities published by NIST:
| CVE ID | Published | Severity | CVSS | Description |
| --- | --- | --- | --- | --- |
| CVE-2025-32932 | 2025-08-12 | MEDIUM | 6.5 | An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR version 7.6.1 and below, version 7.5.1 and below, 7.4 all versions, 7.3 all… |
| CVE-2025-32766 | 2025-08-12 | MEDIUM | 6.4 | A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiWeb CLI version 7.6.0 through 7.6.3 and before 7.4.8 allows a privileged attacker to execute arbitrary code or commands via… |
| CVE-2025-27759 | 2025-08-12 | MEDIUM | 6.7 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb version 7.6.0 through 7.6.3, 7.4.0 through 7.4.7, 7.2.0 through… |
| CVE-2025-25256 | 2025-08-12 | CRITICAL | 9.8 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSIEM version 7.3.0 through 7.3.1, 7.2.0 through 7.2.5, 7.1.0 through… |
| CVE-2025-25248 | 2025-08-12 | MEDIUM | 5.3 | An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiOS version 7.6.2 and below, version 7.4.7 and below, version 7.2.10 and below, 7.2 all versions, 6.4 all versions, FortiProxy version… |
| CVE-2024-52964 | 2025-08-12 | MEDIUM | 5.5 | An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.9 and… |
| CVE-2024-48892 | 2025-08-12 | MEDIUM | 6.8 | A relative path traversal vulnerability [CWE-23] in FortiSOAR 7.6.0, 7.5.0 through 7.5.1, 7.4 all versions, 7.3 all versions may allow an authenticated attacker to read arbitrary files via… |
| CVE-2024-40588 | 2025-08-12 | MEDIUM | 4.4 | Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiMail version 7.6.0 through 7.6.1 and before 7.4.3, FortiVoice version 7.0.0 through 7.0.5 and before 7.4.9, FortiRecorder version 7.2.0 through… |
| CVE-2024-26009 | 2025-08-12 | HIGH | 8.1 | An authentication bypass using an alternate path or channel [CWE-288] vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through… |
| CVE-2023-45584 | 2025-08-12 | MEDIUM | 6.6 | A double free vulnerability [CWE-415] in Fortinet FortiOS version 7.4.0, version 7.2.0 through 7.2.5 and before 7.0.12, FortiProxy version 7.4.0 through 7.4.1, version 7.2.0 through 7.2.7 and before… |
| CVE-2025-53773 | 2025-08-12 | HIGH | 7.8 | Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. |
| CVE-2025-8395 | 2025-08-12 | N/A | 0.0 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. |
| CVE-2025-55011 | 2025-08-12 | MEDIUM | 6.4 | Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.47, the createTaskFile method in the API does not validate whether the task_id parameter… |
| CVE-2025-55157 | 2025-08-11 | HIGH | 8.8 | Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1400, When processing nested tuples in Vim script, an error during evaluation can… |
| CVE-2025-55158 | 2025-08-11 | HIGH | 8.8 | Vim is an open source, command line text editor. In versions from 9.1.1231 to before 9.1.1406, when processing nested tuples during Vim9 script import operations, an error during… |
| CVE-2025-53793 | 2025-08-12 | HIGH | 7.5 | Improper authentication in Azure Stack allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-53789 | 2025-08-12 | HIGH | 7.8 | Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53788 | 2025-08-12 | HIGH | 7.0 | Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53784 | 2025-08-12 | HIGH | 8.4 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-53783 | 2025-08-12 | HIGH | 7.5 | Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network. |
| CVE-2025-53781 | 2025-08-12 | HIGH | 7.7 | Exposure of sensitive information to an unauthorized actor in Azure Virtual Machines allows an authorized attacker to disclose information over a network. |
| CVE-2025-53779 | 2025-08-12 | HIGH | 7.2 | Relative path traversal in Windows Kerberos allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-53778 | 2025-08-12 | HIGH | 8.8 | Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-53772 | 2025-08-12 | HIGH | 8.8 | Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network. |
| CVE-2025-53769 | 2025-08-12 | MEDIUM | 5.5 | External control of file name or path in Windows Security App allows an authorized attacker to perform spoofing locally. |
| CVE-2025-53766 | 2025-08-12 | CRITICAL | 9.8 | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. |
| CVE-2025-53765 | 2025-08-12 | MEDIUM | 4.4 | Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally. |
| CVE-2025-53761 | 2025-08-12 | HIGH | 7.8 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. |
| CVE-2025-53760 | 2025-08-12 | HIGH | 7.1 | Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-53759 | 2025-08-12 | HIGH | 7.8 | Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-53741 | 2025-08-12 | HIGH | 7.8 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-53740 | 2025-08-12 | HIGH | 8.4 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-53739 | 2025-08-12 | HIGH | 7.8 | Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-53738 | 2025-08-12 | HIGH | 7.8 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-53737 | 2025-08-12 | HIGH | 7.8 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-53736 | 2025-08-12 | MEDIUM | 6.8 | Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| CVE-2025-53735 | 2025-08-12 | HIGH | 7.8 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2025-53734 | 2025-08-12 | HIGH | 7.8 | Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. |
| CVE-2025-53733 | 2025-08-12 | HIGH | 8.4 | Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| CVE-2025-53732 | 2025-08-12 | HIGH | 7.8 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-53731 | 2025-08-12 | HIGH | 8.4 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. |
| CVE-2025-53730 | 2025-08-12 | HIGH | 7.8 | Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally. |
| CVE-2025-53729 | 2025-08-12 | HIGH | 7.8 | Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53728 | 2025-08-12 | MEDIUM | 6.5 | Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network. |
| CVE-2025-53727 | 2025-08-12 | HIGH | 8.8 | Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-53726 | 2025-08-12 | HIGH | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53725 | 2025-08-12 | HIGH | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53724 | 2025-08-12 | HIGH | 7.8 | Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53723 | 2025-08-12 | HIGH | 7.8 | Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| CVE-2025-53722 | 2025-08-12 | HIGH | 7.5 | Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network. |