// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

▶ ¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

🟢 BAJA — 0 CVEs nuevos en el feed reciente
🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

CVEs añadidos este mes

1622

Total KEV catalogados

Vendors afectados

// cves_añadidos_este_mes

CVE	Producto	Criticidad	Añadido
CVE-2026-48907	Widget Factory Joomla Content Editor	—	2026-06-16
CVE-2026-54420	LiteSpeed cPanel Plugin	ALTA	2026-06-15
CVE-2026-20262	Cisco Catalyst SD-WAN Manager	MEDIA	2026-06-15
CVE-2026-35273	Oracle PeopleSoft Enterprise PeopleTools	CRÍTICA	2026-06-12
CVE-2026-10520	Ivanti Sentry	CRÍTICA	2026-06-11
CVE-2026-11645	Google Chromium V8	ALTA	2026-06-09
CVE-2026-7473	Arista Extensible Operating System	MEDIA	2026-06-09
CVE-2026-20245	Cisco Catalyst SD-WAN Manager	ALTA	2026-06-09
CVE-2026-42271	BerriAI LiteLLM	ALTA	2026-06-08
CVE-2026-50751	Check Point Security Gateway	CRÍTICA	2026-06-08

// top_vendors_afectados

Microsoft

16

Cisco

9

Apple

6

Ivanti

4

Google

4

Adobe

3

LiteSpeed

2

Oracle

2

BerriAI

2

SolarWinds

2

// catalogo_kev_completo

CVE ID	Producto	Descripción	CVSS	Añadido
CVE-2024-11182	MDaemon Email Server	MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrar…	MEDIA	2025-05-19
CVE-2025-4428	Ivanti Endpoint Manager Mobile (EPMM)	Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authe…	ALTA	2025-05-19
CVE-2025-4427	Ivanti Endpoint Manager Mobile (EPMM)	Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows …	MEDIA	2025-05-19
CVE-2025-42999	SAP NetWeaver	SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attac…	CRÍTICA	2025-05-15
CVE-2024-12987	DrayTek Vigor Routers	DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown fun…	ALTA	2025-05-15
CVE-2025-32756	Fortinet Multiple Products	Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a re…	CRÍTICA	2025-05-14
CVE-2025-32709	Microsoft Windows	Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authoriz…	ALTA	2025-05-13
CVE-2025-30397	Microsoft Windows	Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to exec…	ALTA	2025-05-13
CVE-2025-32706	Microsoft Windows	Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows …	ALTA	2025-05-13
CVE-2025-32701	Microsoft Windows	Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorize…	ALTA	2025-05-13
CVE-2025-30400	Microsoft Windows	Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevat…	ALTA	2025-05-13
CVE-2025-47729	TeleMessage TM SGNL	TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies…	BAJA	2025-05-12
CVE-2024-11120	GeoVision Multiple Devices	Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker…	CRÍTICA	2025-05-07
CVE-2024-6047	GeoVision Multiple Devices	Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker…	CRÍTICA	2025-05-07
CVE-2025-27363	FreeType FreeType	FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to Tru…	ALTA	2025-05-06
CVE-2025-3248	Langflow Langflow	Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, un…	CRÍTICA	2025-05-05
CVE-2025-34028	Commvault Command Center	Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to exec…	CRÍTICA	2025-05-02
CVE-2024-58136	Yiiframework Yii	Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execu…	CRÍTICA	2025-05-02
CVE-2024-38475	Apache HTTP Server	Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map …	CRÍTICA	2025-05-01
CVE-2023-44221	SonicWall SMA100 Appliances	SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allo…	ALTA	2025-05-01
CVE-2025-31324	SAP NetWeaver	SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unaut…	CRÍTICA	2025-04-29
CVE-2025-1976	Broadcom Brocade Fabric OS	Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privile…	MEDIA	2025-04-28
CVE-2025-42599	Qualitia Active! Mail	Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attack…	CRÍTICA	2025-04-28
CVE-2025-3928	Commvault Web Server	Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and e…	ALTA	2025-04-28
CVE-2025-24054	Microsoft Windows	Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized atta…	MEDIA	2025-04-17

← Anterior Página 12 / 65 (1622 CVEs total) Siguiente →