CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

13
CVEs añadidos este mes
1542
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2026-3910 Google Chromium V8 ALTA 2026-03-13
CVE-2026-3909 Google Skia ALTA 2026-03-13
CVE-2025-68613 n8n n8n CRÍTICA 2026-03-11
CVE-2021-22054 Omnissa Workspace One UEM ALTA 2026-03-09
CVE-2025-26399 SolarWinds Web Help Desk CRÍTICA 2026-03-09
CVE-2026-1603 Ivanti Endpoint Manager (EPM) ALTA 2026-03-09
CVE-2017-7921 Hikvision Multiple Products CRÍTICA 2026-03-05
CVE-2021-22681 Rockwell Multiple Products CRÍTICA 2026-03-05
CVE-2023-43000 Apple Multiple Products ALTA 2026-03-05
CVE-2021-30952 Apple Multiple Products ALTA 2026-03-05

// top_vendors_afectados

Microsoft
15
Apple
6
Google
5
Cisco
4
Fortinet
4
SolarWinds
3
Broadcom
3
SmarterTools
3
Gladinet
3
Ivanti
2

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2025-29824 Microsoft Windows Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorize… ALTA 2025-04-08
CVE-2025-30406 Gladinet CentreStack Gladinet CentreStack and Triofox contains a use of hard-coded cryptographic key vulnerability in the way that the appli… CRÍTICA 2025-04-08
CVE-2025-31161 CrushFTP CrushFTP CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthen… CRÍTICA 2025-04-07
CVE-2025-22457 Ivanti Connect Secure, Policy Secure, and ZTA Gateways Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows… CRÍTICA 2025-04-04
CVE-2025-24813 Apache Tomcat Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose informa… CRÍTICA 2025-04-01
CVE-2024-20439 Cisco Smart Licensing Utility Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacke… CRÍTICA 2025-03-31
CVE-2025-2783 Google Chromium Mojo Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an … ALTA 2025-03-27
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF mod… ALTA 2025-03-26
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF mod… CRÍTICA 2025-03-26
CVE-2025-30154 reviewdog action-setup GitHub Action reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to Gi… ALTA 2025-03-24
CVE-2017-12637 SAP NetWeaver SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca4… ALTA 2025-03-19
CVE-2024-48248 NAKIVO Backup and Replication NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitr… ALTA 2025-03-19
CVE-2025-1316 Edimax IC-7100 IP Camera Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows … CRÍTICA 2025-03-19
CVE-2025-30066 tj-actions changed-files GitHub Action tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker … ALTA 2025-03-18
CVE-2025-24472 Fortinet FortiOS and FortiProxy Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain s… ALTA 2025-03-18
CVE-2025-21590 Juniper Junos OS Juniper Junos OS contains an improper isolation or compartmentalization vulnerability. This vulnerability could allows … MEDIA 2025-03-13
CVE-2025-24201 Apple Multiple Products Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allo… CRÍTICA 2025-03-13
CVE-2025-24993 Microsoft Windows Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that allows an … ALTA 2025-03-11
CVE-2025-24991 Microsoft Windows Microsoft Windows New Technology File System (NTFS) contains an out-of-bounds read vulnerability that allows an authori… MEDIA 2025-03-11
CVE-2025-24985 Microsoft Windows Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an u… ALTA 2025-03-11
CVE-2025-24984 Microsoft Windows Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulner… MEDIA 2025-03-11
CVE-2025-24983 Microsoft Windows Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to … ALTA 2025-03-11
CVE-2025-26633 Microsoft Windows Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorize… ALTA 2025-03-11
CVE-2024-13161 Ivanti Endpoint Manager (EPM) Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated at… CRÍTICA 2025-03-10
CVE-2024-13160 Ivanti Endpoint Manager (EPM) Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated at… CRÍTICA 2025-03-10
← Anterior Página 10 / 62 (1542 CVEs total) Siguiente →
[INFO] ⚡ Resumen semanal: Chrome 0 días, redes de bots de enrutadores, violación de AWS, agentes de IA no autorizados y más...  ·  [INFO] Las campañas de ClickFix difunden MacSync macOS Infostealer a través de instaladores de herramientas de inteligencia artificial fa...  ·  [INFO] Por qué la validación de seguridad se está convirtiendo en una agencia...  ·  [INFO] La puerta trasera de DRILLAPP apunta a Ucrania y abusa de la depuración de Microsoft Edge para realizar espionaje sigiloso...  ·  [INFO] Android 17 bloquea las aplicaciones que no son de accesibilidad de la API de accesibilidad para evitar el abuso de malware...  ·  [INFO] ⚡ Resumen semanal: Chrome 0 días, redes de bots de enrutadores, violación de AWS, agentes de IA no autorizados y más...  ·  [INFO] Las campañas de ClickFix difunden MacSync macOS Infostealer a través de instaladores de herramientas de inteligencia artificial fa...  ·  [INFO] Por qué la validación de seguridad se está convirtiendo en una agencia...  ·  [INFO] La puerta trasera de DRILLAPP apunta a Ucrania y abusa de la depuración de Microsoft Edge para realizar espionaje sigiloso...  ·  [INFO] Android 17 bloquea las aplicaciones que no son de accesibilidad de la API de accesibilidad para evitar el abuso de malware...  ·