Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-34340 Use after free in Windows Projected File System allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-34341 Double free in Windows Link-Layer Discovery Protocol (LLDP) allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-34347 Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-42825 Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-34342 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-32086 Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-40410 Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-34345 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally... | 7.0 | HIGH | β | 0 |
| CVE-2026-2542 A weakness has been identified in Total VPN 0.5.29.0 on Windows. Affected by this vulnerability is an unknown functionality of the file C:\Program Files\Total VPN\win-service.exe. Executing a manipula... | 7.0 | HIGH | β | 0 |
| CVE-2026-5656 Profile import path traversal in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | 7.0 | HIGH | β | 0 |
| CVE-2026-7832 A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component Service. The manipulation results in symlink following. Attacking... | 7.0 | HIGH | β | 0 |
| CVE-2026-35352 A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based chmod to set permissions. A local att... | 7.0 | HIGH | β | 0 |
| CVE-2026-34770 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor modu... | 7.0 | HIGH | β | 0 |
| CVE-2026-25171 Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2025-54602 An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a... | 7.0 | HIGH | β | 0 |
| CVE-2026-30901 Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access. | 7.0 | HIGH | β | 0 |
| CVE-2026-32608 Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These... | 7.0 | HIGH | β | 0 |
| CVE-2026-25179 Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-25170 Use after free in Windows Hyper-V allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-27929 Time-of-check time-of-use (toctou) race condition in Windows LUAFV allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-33839 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-25087 Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file (but not an IPC stream) with pre-b... | 7.0 | HIGH | β | 0 |
| CVE-2026-4962 A security flaw has been discovered in UltraVNC up to 1.6.4.0. Affected by this issue is some unknown functionality in the library version.dll of the component Service. The manipulation results in unc... | 7.0 | HIGH | β | 0 |
| CVE-2026-33018 libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the load_gif() function in fromgif.c, where a single ... | 7.0 | HIGH | β | 0 |
| CVE-2026-32073 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-23195 In the Linux kernel, the following vulnerability has been resolved: cgroup/dmem: avoid pool UAF An UAF issue was observed: BUG: KASAN: slab-use-after-free in page_counter_uncharge+0x65/0x150 Write ... | 7.0 | HIGH | β | 0 |
| CVE-2026-27917 Use after free in Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-4545 A security flaw has been discovered in Flos Freeware Notepad2 4.2.25. This affects an unknown function in the library PROPSYS.dll. Performing a manipulation results in uncontrolled search path. The at... | 7.0 | HIGH | β | 0 |
| CVE-2026-27921 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-35416 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-34331 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-25178 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-23671 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-24296 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-25184 Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-24285 Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-40973 A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack pe... | 7.0 | HIGH | β | 0 |
| CVE-2026-23668 Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-31426 In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() When ec_install_handlers() returns -EPROBE_DEFER on reduced-hardwa... | 7.0 | HIGH | β | 0 |
| CVE-2026-23667 Use after free in Broadcast DVR allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-2516 A vulnerability was identified in Unidocs ezPDF DRM Reader and ezPDF Reader 2.0/3.0.0.4. This affects an unknown part in the library SHFOLDER.dll. Such manipulation leads to uncontrolled search path. ... | 7.0 | HIGH | β | 0 |
| CVE-2026-26152 Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-24295 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Device Association Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-32611 Glances is an open-source system cross-platform monitoring tool. The GHSA-x46r fix (commit 39161f0) addressed SQL injection in the TimescaleDB export module by converting all SQL operations to use par... | 7.0 | HIGH | β | 0 |
| CVE-2026-32041 OpenClaw versions prior to 2026.3.1 fail to properly handle authentication bootstrap errors during startup, allowing browser-control routes to remain accessible without authentication. Local processes... | 6.9 | MEDIUM | β | 0 |
| CVE-2026-41238 DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses `DOMPu... | 6.9 | MEDIUM | β | 0 |
| CVE-2026-40446 Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a7152... | 6.9 | MEDIUM | β | 0 |
| CVE-2025-68482 A improper certificate validation vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiA... | 6.9 | MEDIUM | β | 0 |
| CVE-2026-41527 KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism (KUniqueService) for ensuring that only one instance... | 6.9 | MEDIUM | β | 0 |
| CVE-2026-28690 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, a stack buffer overflow vulnerability exists in the MNG encoder... | 6.9 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.