CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

16
CVEs añadidos este mes
1623
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2026-20253 Splunk Enterprise CRÍTICA 2026-06-18
CVE-2026-48907 Widget Factory Joomla Content Editor CRÍTICA 2026-06-16
CVE-2026-54420 LiteSpeed cPanel Plugin ALTA 2026-06-15
CVE-2026-20262 Cisco Catalyst SD-WAN Manager MEDIA 2026-06-15
CVE-2026-35273 Oracle PeopleSoft Enterprise PeopleTools CRÍTICA 2026-06-12
CVE-2026-10520 Ivanti Sentry CRÍTICA 2026-06-11
CVE-2026-11645 Google Chromium V8 ALTA 2026-06-09
CVE-2026-7473 Arista Extensible Operating System MEDIA 2026-06-09
CVE-2026-20245 Cisco Catalyst SD-WAN Manager ALTA 2026-06-09
CVE-2026-42271 BerriAI LiteLLM ALTA 2026-06-08

// top_vendors_afectados

Microsoft
16
Cisco
9
Apple
6
Ivanti
4
Google
4
Adobe
3
LiteSpeed
2
Oracle
2
BerriAI
2
SolarWinds
2

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2024-38094 Microsoft SharePoint Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution. ALTA 2024-10-22
CVE-2024-9537 ScienceLogic SL1 ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party compon… CRÍTICA 2024-10-21
CVE-2024-40711 Veeam Backup & Replication Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remot… CRÍTICA 2024-10-17
CVE-2024-28987 SolarWinds Web Help Desk SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user … CRÍTICA 2024-10-15
CVE-2024-9680 Mozilla Firefox Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code exec… CRÍTICA 2024-10-15
CVE-2024-30088 Microsoft Windows Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow… ALTA 2024-10-15
CVE-2024-9380 Ivanti Cloud Services Appliance (CSA) Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console whic… ALTA 2024-10-09
CVE-2024-9379 Ivanti Cloud Services Appliance (CSA) Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior… MEDIA 2024-10-09
CVE-2024-23113 Fortinet Multiple Products Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauth… CRÍTICA 2024-10-09
CVE-2024-43573 Microsoft Windows Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidenti… MEDIA 2024-10-08
CVE-2024-43572 Microsoft Windows Microsoft Windows Management Console contains unspecified vulnerability that allows for remote code execution. ALTA 2024-10-08
CVE-2024-43047 Qualcomm Multiple Chipsets Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while mainta… ALTA 2024-10-08
CVE-2024-45519 Synacor Zimbra Collaboration Suite (ZCS) Synacor Zimbra Collaboration Suite (ZCS) contains an unspecified vulnerability in the postjournal service that may allo… CRÍTICA 2024-10-03
CVE-2024-29824 Ivanti Endpoint Manager (EPM) Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated atta… ALTA 2024-10-02
CVE-2019-0344 SAP Commerce Cloud SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the med… CRÍTICA 2024-09-30
CVE-2020-15415 DrayTek Multiple Vigor Routers DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfuncti… CRÍTICA 2024-09-30
CVE-2023-25280 D-Link DIR-820 Router D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to … CRÍTICA 2024-09-30
CVE-2024-7593 Ivanti Virtual Traffic Manager Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated at… CRÍTICA 2024-09-24
CVE-2024-8963 Ivanti Cloud Services Appliance (CSA) Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticate… CRÍTICA 2024-09-19
CVE-2020-14644 Oracle WebLogic Server Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthe… CRÍTICA 2024-09-18
CVE-2022-21445 Oracle ADF Faces Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vu… CRÍTICA 2024-09-18
CVE-2020-0618 Microsoft SQL Server Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectl… ALTA 2024-09-18
CVE-2024-27348 Apache HugeGraph-Server Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute… CRÍTICA 2024-09-18
CVE-2014-0502 Adobe Flash Player Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code. ALTA 2024-09-17
CVE-2013-0648 Adobe Flash Player Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allow… ALTA 2024-09-17
← Anterior Página 18 / 65 (1623 CVEs total) Siguiente →
[INFO] CVE-2026-45321: Vulnerabilidad crítica en TanStack permite robo de credenciales mediante paquetes npm maliciosos  ·  [INFO] CVE-2026-0257: Bypass de Autenticación Crítico en Palo Alto Networks PAN-OS Explotado Activamente  ·  [INFO] CVE-2024-21182: Vulnerabilidad Crítica en Oracle WebLogic Server Explotada Activamente  ·  [INFO] CVE-2026-45247: Deserialización en Mirasvit Full Page Cache Warmer permite RCE no autenticado  ·  [INFO] CVE-2025-48595: Desbordamiento de Entero en Android Framework con Escalada de Privilegios Local  ·  [INFO] CVE-2026-45321: Vulnerabilidad crítica en TanStack permite robo de credenciales mediante paquetes npm maliciosos  ·  [INFO] CVE-2026-0257: Bypass de Autenticación Crítico en Palo Alto Networks PAN-OS Explotado Activamente  ·  [INFO] CVE-2024-21182: Vulnerabilidad Crítica en Oracle WebLogic Server Explotada Activamente  ·  [INFO] CVE-2026-45247: Deserialización en Mirasvit Full Page Cache Warmer permite RCE no autenticado  ·  [INFO] CVE-2025-48595: Desbordamiento de Entero en Android Framework con Escalada de Privilegios Local  ·