// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

▶ ¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

🟢 BAJA — 0 CVEs nuevos en el feed reciente
🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

CVEs añadidos este mes

1587

Total KEV catalogados

Vendors afectados

// cves_añadidos_este_mes

CVE	Producto	Criticidad	Añadido
CVE-2026-31431	Linux Kernel	ALTA	2026-05-01

// top_vendors_afectados

Microsoft

19

Cisco

7

Apple

7

Synacor

4

Google

4

Fortinet

3

Ivanti

3

SolarWinds

3

SmarterTools

3

Linux

2

// catalogo_kev_completo

CVE ID	Producto	Descripción	CVSS	Añadido
CVE-2024-42009	Roundcube Webmail	RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to st…	CRÍTICA	2025-06-09
CVE-2025-32433	Erlang Erlang/OTP	Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an…	CRÍTICA	2025-06-09
CVE-2025-5419	Google Chromium V8	Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potenti…	ALTA	2025-06-05
CVE-2025-21479	Qualcomm Multiple Chipsets	Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corru…	ALTA	2025-06-03
CVE-2025-21480	Qualcomm Multiple Chipsets	Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corru…	ALTA	2025-06-03
CVE-2025-27038	Qualcomm Multiple Chipsets	Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption whil…	ALTA	2025-06-03
CVE-2021-32030	ASUS Routers	ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to g…	CRÍTICA	2025-06-02
CVE-2025-3935	ConnectWise ScreenConnect	ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState…	ALTA	2025-06-02
CVE-2025-35939	Craft CMS Craft CMS	Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow…	MEDIA	2025-06-02
CVE-2024-56145	Craft CMS Craft CMS	Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution…	CRÍTICA	2025-06-02
CVE-2023-39780	ASUS RT-AX55 Routers	ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to…	ALTA	2025-06-02
CVE-2025-4632	Samsung MagicINFO 9 Server	Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as s…	CRÍTICA	2025-05-22
CVE-2023-38950	ZKTeco BioTime	ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to rea…	ALTA	2025-05-19
CVE-2024-27443	Synacor Zimbra Collaboration Suite (ZCS)	Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra we…	MEDIA	2025-05-19
CVE-2025-27920	Srimax Output Messenger	Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files …	ALTA	2025-05-19
CVE-2024-11182	MDaemon Email Server	MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrar…	MEDIA	2025-05-19
CVE-2025-4428	Ivanti Endpoint Manager Mobile (EPMM)	Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authe…	ALTA	2025-05-19
CVE-2025-4427	Ivanti Endpoint Manager Mobile (EPMM)	Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows …	MEDIA	2025-05-19
CVE-2025-42999	SAP NetWeaver	SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attac…	CRÍTICA	2025-05-15
CVE-2024-12987	DrayTek Vigor Routers	DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown fun…	ALTA	2025-05-15
CVE-2025-32756	Fortinet Multiple Products	Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a re…	CRÍTICA	2025-05-14
CVE-2025-32709	Microsoft Windows	Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authoriz…	ALTA	2025-05-13
CVE-2025-30397	Microsoft Windows	Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to exec…	ALTA	2025-05-13
CVE-2025-32706	Microsoft Windows	Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows …	ALTA	2025-05-13
CVE-2025-32701	Microsoft Windows	Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorize…	ALTA	2025-05-13

← Anterior Página 10 / 64 (1587 CVEs total) Siguiente →