CIBERPLANETA_
// threat_intelligence_dashboard

Threat Dashboard

Actively exploited vulnerabilities according to the CISA KEV (Known Exploited Vulnerabilities) catalog

How is the global threat level calculated?

The global threat level shown in the navigation bar is calculated from the number of actively exploited CVEs published in the CISA KEV (Known Exploited Vulnerabilities) catalog during the last few hours:

  • 🟢 LOW: 0 new CVEs in the recent feed
  • 🟡 MEDIUM: 1 to 2 new actively exploited CVEs
  • 🟠 HIGH: 3 to 4 new actively exploited CVEs
  • 🔴 CRITICAL: 5 or more new actively exploited CVEs

Source: CISA Known Exploited Vulnerabilities Catalog, updated every hour.

CVEs added this month: 14
Total KEV entries catalogued: 1543
Vendors affected: 10

CVE | Product | Criticality | Added
CVE-2025-47813 | Wing FTP Server Wing FTP Server | | 2026-03-16
CVE-2026-3910 | Google Chromium V8 | HIGH | 2026-03-13
CVE-2026-3909 | Google Skia | HIGH | 2026-03-13
CVE-2025-68613 | n8n n8n | CRITICAL | 2026-03-11
CVE-2021-22054 | Omnissa Workspace One UEM | HIGH | 2026-03-09
CVE-2025-26399 | SolarWinds Web Help Desk | CRITICAL | 2026-03-09
CVE-2026-1603 | Ivanti Endpoint Manager (EPM) | HIGH | 2026-03-09
CVE-2017-7921 | Hikvision Multiple Products | CRITICAL | 2026-03-05
CVE-2021-22681 | Rockwell Multiple Products | CRITICAL | 2026-03-05
CVE-2023-43000 | Apple Multiple Products | HIGH | 2026-03-05

Microsoft: 14
Apple: 6
Google: 5
Cisco: 4
Fortinet: 4
SolarWinds: 3
Broadcom: 3
SmarterTools: 3
Gladinet: 3
Ivanti: 2

CVE ID | Product | Description | CVSS | Added
CVE-2024-40891 | Zyxel DSL CPE Devices | Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands… | HIGH | 2025-02-11
CVE-2024-40890 | Zyxel DSL CPE Devices | Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that co… | HIGH | 2025-02-11
CVE-2025-21418 | Microsoft Windows | Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows… | HIGH | 2025-02-11
CVE-2025-21391 | Microsoft Windows | Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulne… | HIGH | 2025-02-11
CVE-2025-0994 | Trimble Cityworks | Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote … | HIGH | 2025-02-07
CVE-2020-15069 | Sophos XG Firewall | Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookm… | CRITICAL | 2025-02-06
CVE-2020-29574 | Sophos CyberoamOS | CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to exe… | CRITICAL | 2025-02-06
CVE-2024-21413 | Microsoft Office Outlook | Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful… | CRITICAL | 2025-02-06
CVE-2022-23748 | Audinate Dante Discovery | Dante Discovery contains a process control vulnerability in mDNSResponder.exe that allows for a DLL sideloading att… | HIGH | 2025-02-06
CVE-2025-0411 | 7-Zip 7-Zip | 7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web … | HIGH | 2025-02-06
CVE-2024-53104 | Linux Kernel | Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class … | HIGH | 2025-02-05
CVE-2018-19410 | Paessler PRTG Network Monitor | Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attac… | CRITICAL | 2025-02-04
CVE-2018-9276 | Paessler PRTG Network Monitor | Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrativ… | HIGH | 2025-02-04
CVE-2024-29059 | Microsoft .NET Framework | Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, u… | HIGH | 2025-02-04
CVE-2024-45195 | Apache OFBiz | Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access. | HIGH | 2025-02-04
CVE-2025-24085 | Apple Multiple Products | Apple iOS, macOS, and other Apple products contain a use-after-free vulnerability that could allow a malicious applica… | CRITICAL | 2025-01-29
CVE-2025-23006 | SonicWall SMA1000 Appliances | SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of … | CRITICAL | 2025-01-24
CVE-2020-11023 | JQuery JQuery | JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input… | MEDIUM | 2025-01-23
CVE-2024-50603 | Aviatrix Controllers | Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to exec… | CRITICAL | 2025-01-16
CVE-2025-21335 | Microsoft Windows | Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacke… | HIGH | 2025-01-14
CVE-2025-21334 | Microsoft Windows | Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacke… | HIGH | 2025-01-14
CVE-2025-21333 | Microsoft Windows | Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a l… | HIGH | 2025-01-14
CVE-2024-55591 | Fortinet FortiOS and FortiProxy | Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remot… | CRITICAL | 2025-01-14
CVE-2023-48365 | Qlik Sense | Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP req… | CRITICAL | 2025-01-13
CVE-2024-12686 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that c… | MEDIUM | 2025-01-13

Page 12 / 62 (1543 CVEs total)