Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-27311 Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of ... | 7.8 | HIGH | β | 0 |
| CVE-2026-27310 Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of ... | 7.8 | HIGH | β | 0 |
| CVE-2026-27289 Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.... | 7.8 | HIGH | β | 0 |
| CVE-2026-27222 Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the ap... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-34625 Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environm... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-34624 Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environm... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-34623 Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environm... | 5.4 | MEDIUM | β | 0 |
| CVE-2026-5756 Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfilt... | 7.5 | HIGH | β | 0 |
| CVE-2026-5754 Reflected Cross-Site Scripting (XSS) Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized ac... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-5752 Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal. | 9.3 | CRITICAL | β | 0 |
| CVE-2026-34629 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploita... | 7.8 | HIGH | β | 0 |
| CVE-2026-34628 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploita... | 7.8 | HIGH | β | 0 |
| CVE-2026-34627 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploita... | 7.8 | HIGH | β | 0 |
| CVE-2026-34617 Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vuln... | 8.7 | HIGH | β | 0 |
| CVE-2026-34615 Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. An ... | 9.3 | CRITICAL | β | 0 |
| CVE-2026-34614 Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerab... | 6.1 | MEDIUM | β | 0 |
| CVE-2026-33829 Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. | 4.3 | MEDIUM | β | 0 |
| CVE-2026-33827 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | 8.1 | HIGH | β | 0 |
| CVE-2026-33826 Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. | 8.0 | HIGH | β | 0 |
| CVE-2026-33825 Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | KEV | 0 |
| CVE-2026-33824 Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-33822 Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | 6.1 | MEDIUM | β | 0 |
| CVE-2026-33120 Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network. | 8.8 | HIGH | β | 0 |
| CVE-2026-33116 Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-33115 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 8.4 | HIGH | β | 0 |
| CVE-2026-33114 Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 8.4 | HIGH | β | 0 |
| CVE-2026-33104 Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-33103 Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-33101 Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-33100 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-33099 Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-33098 Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-33096 Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-33095 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-32226 Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network. | 5.9 | MEDIUM | β | 0 |
| CVE-2026-32225 Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | 8.8 | HIGH | β | 0 |
| CVE-2026-32224 Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-32223 Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack. | 6.8 | MEDIUM | β | 0 |
| CVE-2026-32222 Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | 7.8 | HIGH | β | 0 |
| CVE-2026-32221 Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally. | 8.4 | HIGH | β | 0 |
| CVE-2026-32220 Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. | 4.4 | MEDIUM | β | 0 |
| CVE-2026-32219 Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. | 7.0 | HIGH | β | 0 |
| CVE-2026-32218 Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-32217 Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-32216 Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-32215 Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-32214 Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-32212 Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-32203 Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. | 7.5 | HIGH | β | 0 |
| CVE-2026-32202 Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network. | 4.3 | MEDIUM | KEV | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.