CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

14
CVEs añadidos este mes
1543
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2025-47813 Wing FTP Server Wing FTP Server MEDIA 2026-03-16
CVE-2026-3910 Google Chromium V8 ALTA 2026-03-13
CVE-2026-3909 Google Skia ALTA 2026-03-13
CVE-2025-68613 n8n n8n CRÍTICA 2026-03-11
CVE-2021-22054 Omnissa Workspace One UEM ALTA 2026-03-09
CVE-2025-26399 SolarWinds Web Help Desk CRÍTICA 2026-03-09
CVE-2026-1603 Ivanti Endpoint Manager (EPM) ALTA 2026-03-09
CVE-2017-7921 Hikvision Multiple Products CRÍTICA 2026-03-05
CVE-2021-22681 Rockwell Multiple Products CRÍTICA 2026-03-05
CVE-2023-43000 Apple Multiple Products ALTA 2026-03-05

// top_vendors_afectados

Microsoft
14
Apple
6
Google
5
Cisco
4
Fortinet
4
SolarWinds
3
Broadcom
3
SmarterTools
3
Gladinet
3
Ivanti
2

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2024-38812 VMware vCenter Server VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol.… CRÍTICA 2024-11-20
CVE-2024-9474 Palo Alto Networks PAN-OS Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through t… ALTA 2024-11-18
CVE-2024-0012 Palo Alto Networks PAN-OS Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for sev… CRÍTICA 2024-11-18
CVE-2024-1212 Progress Kemp LoadMaster Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker… CRÍTICA 2024-11-18
CVE-2024-9465 Palo Alto Networks Expedition Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal … CRÍTICA 2024-11-14
CVE-2024-9463 Palo Alto Networks Expedition Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to… ALTA 2024-11-14
CVE-2021-26086 Atlassian Jira Server and Data Center Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read part… MEDIA 2024-11-12
CVE-2014-2120 Cisco Adaptive Security Appliance (ASA) Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. T… MEDIA 2024-11-12
CVE-2021-41277 Metabase Metabase Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted d… CRÍTICA 2024-11-12
CVE-2024-43451 Microsoft Windows Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash t… MEDIA 2024-11-12
CVE-2024-49039 Microsoft Windows Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, loc… ALTA 2024-11-12
CVE-2019-16278 Nostromo nhttpd Nostromo nhttpd contains a directory traversal vulnerability in the http_verify() function in a non-chrooted nhttpd ser… CRÍTICA 2024-11-07
CVE-2024-51567 CyberPersons CyberPanel CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to ex… CRÍTICA 2024-11-07
CVE-2024-43093 Android Framework Android Framework contains an unspecified vulnerability that allows for privilege escalation. ALTA 2024-11-07
CVE-2024-5910 Palo Alto Networks Expedition Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network acce… CRÍTICA 2024-11-07
CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote, … CRÍTICA 2024-11-04
CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attac… ALTA 2024-11-04
CVE-2024-37383 Roundcube Webmail RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that al… MEDIA 2024-10-24
CVE-2024-20481 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after … MEDIA 2024-10-24
CVE-2024-47575 Fortinet FortiManager Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthe… CRÍTICA 2024-10-23
CVE-2024-38094 Microsoft SharePoint Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution. ALTA 2024-10-22
CVE-2024-9537 ScienceLogic SL1 ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party compon… CRÍTICA 2024-10-21
CVE-2024-40711 Veeam Backup & Replication Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remot… CRÍTICA 2024-10-17
CVE-2024-28987 SolarWinds Web Help Desk SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user … CRÍTICA 2024-10-15
CVE-2024-9680 Mozilla Firefox Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code exec… CRÍTICA 2024-10-15
← Anterior Página 14 / 62 (1543 CVEs total) Siguiente →
[INFO] El ataque GlassWorm utiliza tokens de GitHub robados para forzar el envío de malware a los repositorios de Python...  ·  [INFO] CVE-2025-47813: Vulnerabilidad de Divulgación de Información en Wing FTP Server  ·  [INFO] ⚡ Resumen semanal: Chrome 0 días, redes de bots de enrutadores, violación de AWS, agentes de IA no autorizados y más...  ·  [INFO] Las campañas de ClickFix difunden MacSync macOS Infostealer a través de instaladores de herramientas de inteligencia artificial fa...  ·  [INFO] Por qué la validación de seguridad se está convirtiendo en una agencia...  ·  [INFO] El ataque GlassWorm utiliza tokens de GitHub robados para forzar el envío de malware a los repositorios de Python...  ·  [INFO] CVE-2025-47813: Vulnerabilidad de Divulgación de Información en Wing FTP Server  ·  [INFO] ⚡ Resumen semanal: Chrome 0 días, redes de bots de enrutadores, violación de AWS, agentes de IA no autorizados y más...  ·  [INFO] Las campañas de ClickFix difunden MacSync macOS Infostealer a través de instaladores de herramientas de inteligencia artificial fa...  ·  [INFO] Por qué la validación de seguridad se está convirtiendo en una agencia...  ·