Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-25582 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.3, there is a heap buffer overflow (... | 7.8 | HIGH | β | 0 |
| CVE-2026-23672 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | 7.8 | HIGH | β | 0 |
| CVE-2025-69875 A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged... | 7.8 | HIGH | β | 0 |
| CVE-2026-25187 Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-25143 melange allows users to build apk packages using declarative pipelines. From version 0.10.0 to before 0.40.3, an attacker who can influence inputs to the patch pipeline could execute arbitrary shell c... | 7.8 | HIGH | β | 0 |
| CVE-2026-21349 Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this ... | 7.8 | HIGH | β | 0 |
| CVE-2026-25502 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, stack-based buffer overflow in ic... | 7.8 | HIGH | β | 0 |
| CVE-2025-60865 Insecure Permissions vulnerability in avanquest Driver Updater v.9.1.57803.1174 allows a local attacker to escalate privileges via the Driver Updater Service windows component. | 7.8 | HIGH | β | 0 |
| CVE-2026-27622 OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals ... | 7.8 | HIGH | β | 0 |
| CVE-2026-27905 BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.36, the safe_extract_tarfile() function validates that each tar member's path is... | 7.8 | HIGH | β | 0 |
| CVE-2026-26108 Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-22923 A vulnerability has been identified in NX (All versions < V2512), NX (Managed Mode) (All versions < V2512). The affected application contains a data validation vulnerability that could allow an attack... | 7.8 | HIGH | β | 0 |
| CVE-2025-47379 Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources. | 7.8 | HIGH | β | 0 |
| CVE-2019-25281 NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquot... | 7.8 | HIGH | β | 0 |
| CVE-2026-23223 In the Linux kernel, the following vulnerability has been resolved: xfs: fix UAF in xchk_btree_check_block_owner We cannot dereference bs->cur when trying to determine if bs->cur aliases bs->sc->sa.... | 7.8 | HIGH | β | 0 |
| CVE-2026-23719 A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected application is vulnerable to heap-based buffer overflow while pars... | 7.8 | HIGH | β | 0 |
| CVE-2026-31468 In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dma-buf feature The error path through vfio_pci_core_feature_dma_buf() ignores its own advice to only... | 7.8 | HIGH | β | 0 |
| CVE-2026-31479 In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of remap prev/next During 3D workload, user is reporting hitting: [ 413.361679] WARNING: drivers/gpu/d... | 7.8 | HIGH | β | 0 |
| CVE-2026-31650 In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix use-after-free on disconnect The vub300 driver maintains an explicit reference count for the controller and its d... | 7.8 | HIGH | β | 0 |
| CVE-2026-31485 In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue (UAF) There is a teardown order issue in the driver. The SPI controller is registered... | 7.8 | HIGH | β | 0 |
| CVE-2026-31493 In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ctx after free On admin queue completion handling, if the admin command completed with error we pr... | 7.8 | HIGH | β | 0 |
| CVE-2026-31500 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock btintel_hw_error() issues two __hci_cmd_sync() calls (HCI_... | 7.8 | HIGH | β | 0 |
| CVE-2026-31505 In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats() iavf incorrectly uses real_num_tx_queues for ETH_SS_STATS. Since the va... | 7.8 | HIGH | β | 0 |
| CVE-2026-31506 In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of WoL irq We do not need to free wol_irq since it was instantiated with devm_request_irq(). So devre... | 7.8 | HIGH | β | 0 |
| CVE-2026-31511 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete This fixes the condition checking so mgmt_pending_... | 7.8 | HIGH | β | 0 |
| CVE-2026-32158 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-23415 In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy() During futex_key_to_node_opt() execution, vma->vm_policy i... | 7.8 | HIGH | β | 0 |
| CVE-2026-31527 In the Linux kernel, the following vulnerability has been resolved: driver core: platform: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' matc... | 7.8 | HIGH | β | 0 |
| CVE-2026-32159 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-33999 A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a... | 7.8 | HIGH | β | 0 |
| CVE-2026-26179 Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-34003 A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerabil... | 7.8 | HIGH | β | 0 |
| CVE-2026-32152 Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26181 Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26183 Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26184 Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-32153 Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-23198 In the Linux kernel, the following vulnerability has been resolved: KVM: Don't clobber irqfd routing type when deassigning irqfd When deassigning a KVM_IRQFD, don't clobber the irqfd's copy of the I... | 7.8 | HIGH | β | 0 |
| CVE-2026-23192 In the Linux kernel, the following vulnerability has been resolved: linkwatch: use __dev_put() in callers to prevent UAF After linkwatch_do_dev() calls __dev_put() to release the linkwatch reference... | 7.8 | HIGH | β | 0 |
| CVE-2026-32154 Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-32155 Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-40527 radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_par... | 7.8 | HIGH | β | 0 |
| CVE-2026-41336 OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted ... | 7.8 | HIGH | β | 0 |
| CVE-2026-32168 Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26180 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-33793 An Execution with Unnecessary Privileges vulnerabilityΒ in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, thu... | 7.8 | HIGH | β | 0 |
| CVE-2026-5397 It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malici... | 7.8 | HIGH | β | 0 |
| CVE-2026-23383 In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing struct bpf_plt contains a u64 target field. Currently,... | 7.8 | HIGH | β | 0 |
| CVE-2026-23319 In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim The root cause of this bug is that when 'bpf_link_put' reduces the refcoun... | 7.8 | HIGH | β | 0 |
| CVE-2026-23248 In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix refcount bug and potential UAF in perf_mmap Syzkaller reported a refcount_t: addition on 0; use-after-free warning ... | 7.8 | HIGH | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.