// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

▶ ¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

🟢 BAJA — 0 CVEs nuevos en el feed reciente
🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

CVEs añadidos este mes

1587

Total KEV catalogados

Vendors afectados

// cves_añadidos_este_mes

CVE	Producto	Criticidad	Añadido
CVE-2026-31431	Linux Kernel	ALTA	2026-05-01

// top_vendors_afectados

Microsoft

19

Cisco

7

Apple

7

Synacor

4

Google

4

Fortinet

3

Ivanti

3

SolarWinds

3

SmarterTools

3

Linux

2

// catalogo_kev_completo

CVE ID	Producto	Descripción	CVSS	Añadido
CVE-2024-7262	Kingsoft WPS Office	Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacke…	ALTA	2024-09-03
CVE-2021-20124	DrayTek VigorConnect	Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpo…	ALTA	2024-09-03
CVE-2021-20123	DrayTek VigorConnect	Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated at…	ALTA	2024-09-03
CVE-2024-7965	Google Chromium V8	Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially …	ALTA	2024-08-28
CVE-2024-38856	Apache OFBiz	Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payl…	CRÍTICA	2024-08-27
CVE-2024-7971	Google Chromium V8	Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via…	CRÍTICA	2024-08-26
CVE-2024-39717	Versa Director	The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administra…	ALTA	2024-08-23
CVE-2021-31196	Microsoft Exchange Server	Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.	ALTA	2024-08-21
CVE-2022-0185	Linux Kernel	Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem C…	ALTA	2024-08-21
CVE-2021-33045	Dahua IP Camera Firmware	Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specif…	CRÍTICA	2024-08-21
CVE-2021-33044	Dahua IP Camera Firmware	Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument…	CRÍTICA	2024-08-21
CVE-2024-23897	Jenkins Jenkins Command Line Interface (CLI)	Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access …	CRÍTICA	2024-08-19
CVE-2024-28986	SolarWinds Web Help Desk	SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code ex…	CRÍTICA	2024-08-15
CVE-2024-38107	Microsoft Windows	Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalati…	ALTA	2024-08-13
CVE-2024-38106	Microsoft Windows	Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local a…	ALTA	2024-08-13
CVE-2024-38193	Microsoft Windows	Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege…	ALTA	2024-08-13
CVE-2024-38213	Microsoft Windows	Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Sm…	MEDIA	2024-08-13
CVE-2024-38178	Microsoft Windows	Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to i…	ALTA	2024-08-13
CVE-2024-38189	Microsoft Project	Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file.	ALTA	2024-08-13
CVE-2024-32113	Apache OFBiz	Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution.	CRÍTICA	2024-08-07
CVE-2024-36971	Android Kernel	Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability r…	ALTA	2024-08-07
CVE-2018-0824	Microsoft Windows	Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalati…	ALTA	2024-08-05
CVE-2024-37085	VMware ESXi	VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) pe…	MEDIA	2024-07-30
CVE-2023-45249	Acronis Cyber Infrastructure (ACI)	Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of defaul…	CRÍTICA	2024-07-29
CVE-2024-5217	ServiceNow Utah, Vancouver, and Washington DC Now Platform	ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs …	CRÍTICA	2024-07-29

← Anterior Página 18 / 64 (1587 CVEs total) Siguiente →