Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-27243 Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerab... | 9.3 | CRITICAL | β | 0 |
| CVE-2026-26184 Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26183 Improper access control in Windows RPC API allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26182 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-26181 Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26180 Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26179 Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26178 Integer size truncation in Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally. | 8.8 | HIGH | β | 0 |
| CVE-2026-26177 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-26176 Heap-based buffer overflow in Windows Client Side Caching driver (csc.sys) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26175 Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack. | 4.6 | MEDIUM | β | 0 |
| CVE-2026-26174 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Update Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-26173 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally... | 7.0 | HIGH | β | 0 |
| CVE-2026-26172 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26171 Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-26170 Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26169 Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally. | 6.1 | MEDIUM | β | 0 |
| CVE-2026-26168 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally... | 7.8 | HIGH | β | 0 |
| CVE-2026-26167 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | 8.8 | HIGH | β | 0 |
| CVE-2026-26166 Double free in Windows Shell allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-26165 Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-26163 Double free in Windows Kernel allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26162 Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26161 Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26160 Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26159 Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26156 Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26155 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability | 6.5 | MEDIUM | β | 0 |
| CVE-2026-26154 Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-26153 Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-26152 Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-26151 Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. | 7.1 | HIGH | β | 0 |
| CVE-2026-26149 Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network. | 9.0 | CRITICAL | β | 0 |
| CVE-2026-26143 Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-25184 Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-24907 October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. When... | N/A | NONE | β | 0 |
| CVE-2026-24906 October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the Backend Editor Settings. The Markup ... | N/A | NONE | β | 0 |
| CVE-2026-23670 Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | 5.7 | MEDIUM | β | 0 |
| CVE-2026-23666 Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-23657 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-23653 Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network. | 5.7 | MEDIUM | β | 0 |
| CVE-2026-21331 Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerab... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-20945 Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | 4.6 | MEDIUM | β | 0 |
| CVE-2026-20930 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-20928 Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack. | 4.6 | MEDIUM | β | 0 |
| CVE-2026-20806 Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-0390 Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. | 6.7 | MEDIUM | β | 0 |
| CVE-2026-0209 Under certain administrative conditions, FlashArray Purity may apply snapshot retention policies earlier or later than configured. | N/A | NONE | β | 0 |
| CVE-2026-0207 A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions. | N/A | NONE | β | 0 |
| CVE-2025-70023 An issue pertaining to CWE-843: Access of Resource Using Incompatible Type was discovered in transloadit uppy v0.25.6. | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.