CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

13
CVEs añadidos este mes
1542
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2026-3910 Google Chromium V8 ALTA 2026-03-13
CVE-2026-3909 Google Skia ALTA 2026-03-13
CVE-2025-68613 n8n n8n CRÍTICA 2026-03-11
CVE-2021-22054 Omnissa Workspace One UEM ALTA 2026-03-09
CVE-2025-26399 SolarWinds Web Help Desk CRÍTICA 2026-03-09
CVE-2026-1603 Ivanti Endpoint Manager (EPM) ALTA 2026-03-09
CVE-2017-7921 Hikvision Multiple Products CRÍTICA 2026-03-05
CVE-2021-22681 Rockwell Multiple Products CRÍTICA 2026-03-05
CVE-2023-43000 Apple Multiple Products ALTA 2026-03-05
CVE-2021-30952 Apple Multiple Products ALTA 2026-03-05

// top_vendors_afectados

Microsoft
15
Apple
6
Google
5
Cisco
4
Fortinet
4
SolarWinds
3
Broadcom
3
SmarterTools
3
Gladinet
3
Ivanti
2

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2024-13159 Ivanti Endpoint Manager (EPM) Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated at… CRÍTICA 2025-03-10
CVE-2024-57968 Advantive VeraCore Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to … CRÍTICA 2025-03-10
CVE-2025-25181 Advantive VeraCore Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execut… MEDIA 2025-03-10
CVE-2025-22226 VMware ESXi, Workstation, and Fusion VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HG… ALTA 2025-03-04
CVE-2025-22225 VMware ESXi VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges withi… ALTA 2025-03-04
CVE-2025-22224 VMware ESXi and Workstation VMware ESXi and Workstation contain a time-of-check time-of-use (TOCTOU) race condition vulnerability that leads to an … CRÍTICA 2025-03-04
CVE-2024-50302 Linux Kernel The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory v… MEDIA 2025-03-04
CVE-2024-4885 Progress WhatsUp Gold Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote… CRÍTICA 2025-03-03
CVE-2018-8639 Microsoft Windows Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authent… ALTA 2025-03-03
CVE-2022-43769 Hitachi Vantara Pentaho Business Analytics (BA) Server Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject … ALTA 2025-03-03
CVE-2022-43939 Hitachi Vantara Pentaho Business Analytics (BA) Server Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability t… ALTA 2025-03-03
CVE-2023-20118 Cisco Small Business RV Series Routers Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management … MEDIA 2025-03-03
CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability that allows a remote authe… CRÍTICA 2025-02-25
CVE-2024-49035 Microsoft Partner Center Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileg… ALTA 2025-02-25
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged a… ALTA 2025-02-24
CVE-2017-3066 Adobe ColdFusion Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code … CRÍTICA 2025-02-24
CVE-2025-24989 Microsoft Power Pages Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate… ALTA 2025-02-21
CVE-2025-0111 Palo Alto Networks PAN-OS Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enab… MEDIA 2025-02-20
CVE-2025-23209 Craft CMS Craft CMS Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately… ALTA 2025-02-20
CVE-2025-0108 Palo Alto Networks PAN-OS Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnera… CRÍTICA 2025-02-18
CVE-2024-53704 SonicWall SonicOS SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows … CRÍTICA 2025-02-18
CVE-2024-57727 SimpleHelp SimpleHelp SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote a… ALTA 2025-02-13
CVE-2025-24200 Apple iOS and iPadOS Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB R… MEDIA 2025-02-12
CVE-2024-41710 Mitel SIP Phones Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument in… ALTA 2025-02-12
CVE-2024-40891 Zyxel DSL CPE Devices Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands… ALTA 2025-02-11
← Anterior Página 11 / 62 (1542 CVEs total) Siguiente →
[INFO] ⚡ Resumen semanal: Chrome 0 días, redes de bots de enrutadores, violación de AWS, agentes de IA no autorizados y más...  ·  [INFO] Las campañas de ClickFix difunden MacSync macOS Infostealer a través de instaladores de herramientas de inteligencia artificial fa...  ·  [INFO] Por qué la validación de seguridad se está convirtiendo en una agencia...  ·  [INFO] La puerta trasera de DRILLAPP apunta a Ucrania y abusa de la depuración de Microsoft Edge para realizar espionaje sigiloso...  ·  [INFO] Android 17 bloquea las aplicaciones que no son de accesibilidad de la API de accesibilidad para evitar el abuso de malware...  ·  [INFO] ⚡ Resumen semanal: Chrome 0 días, redes de bots de enrutadores, violación de AWS, agentes de IA no autorizados y más...  ·  [INFO] Las campañas de ClickFix difunden MacSync macOS Infostealer a través de instaladores de herramientas de inteligencia artificial fa...  ·  [INFO] Por qué la validación de seguridad se está convirtiendo en una agencia...  ·  [INFO] La puerta trasera de DRILLAPP apunta a Ucrania y abusa de la depuración de Microsoft Edge para realizar espionaje sigiloso...  ·  [INFO] Android 17 bloquea las aplicaciones que no son de accesibilidad de la API de accesibilidad para evitar el abuso de malware...  ·