CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

16
CVEs añadidos este mes
1623
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2026-20253 Splunk Enterprise CRÍTICA 2026-06-18
CVE-2026-48907 Widget Factory Joomla Content Editor CRÍTICA 2026-06-16
CVE-2026-54420 LiteSpeed cPanel Plugin ALTA 2026-06-15
CVE-2026-20262 Cisco Catalyst SD-WAN Manager MEDIA 2026-06-15
CVE-2026-35273 Oracle PeopleSoft Enterprise PeopleTools CRÍTICA 2026-06-12
CVE-2026-10520 Ivanti Sentry CRÍTICA 2026-06-11
CVE-2026-11645 Google Chromium V8 ALTA 2026-06-09
CVE-2026-7473 Arista Extensible Operating System MEDIA 2026-06-09
CVE-2026-20245 Cisco Catalyst SD-WAN Manager ALTA 2026-06-09
CVE-2026-42271 BerriAI LiteLLM ALTA 2026-06-08

// top_vendors_afectados

Microsoft
16
Cisco
9
Apple
6
Ivanti
4
Google
4
Adobe
3
LiteSpeed
2
Oracle
2
BerriAI
2
SolarWinds
2

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2013-0643 Adobe Flash Player Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote … ALTA 2024-09-17
CVE-2014-0497 Adobe Flash Player Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code. CRÍTICA 2024-09-17
CVE-2024-6670 Progress WhatsUp Gold Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the us… CRÍTICA 2024-09-16
CVE-2024-43461 Microsoft Windows Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerabilit… ALTA 2024-09-16
CVE-2024-8190 Ivanti Cloud Services Appliance Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console whic… ALTA 2024-09-13
CVE-2024-38217 Microsoft Windows Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker … MEDIA 2024-09-10
CVE-2024-38014 Microsoft Windows Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gai… ALTA 2024-09-10
CVE-2024-38226 Microsoft Publisher Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro p… ALTA 2024-09-10
CVE-2024-40766 SonicWall SonicOS SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and… CRÍTICA 2024-09-09
CVE-2017-1000253 Linux Kernel Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary… ALTA 2024-09-09
CVE-2016-3714 ImageMagick ImageMagick ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW… ALTA 2024-09-09
CVE-2024-7262 Kingsoft WPS Office Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacke… ALTA 2024-09-03
CVE-2021-20124 DrayTek VigorConnect Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpo… ALTA 2024-09-03
CVE-2021-20123 DrayTek VigorConnect Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated at… ALTA 2024-09-03
CVE-2024-7965 Google Chromium V8 Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially … ALTA 2024-08-28
CVE-2024-38856 Apache OFBiz Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payl… CRÍTICA 2024-08-27
CVE-2024-7971 Google Chromium V8 Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via… CRÍTICA 2024-08-26
CVE-2024-39717 Versa Director The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administra… ALTA 2024-08-23
CVE-2021-31196 Microsoft Exchange Server Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution. ALTA 2024-08-21
CVE-2022-0185 Linux Kernel Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem C… ALTA 2024-08-21
CVE-2021-33045 Dahua IP Camera Firmware Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specif… CRÍTICA 2024-08-21
CVE-2021-33044 Dahua IP Camera Firmware Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument… CRÍTICA 2024-08-21
CVE-2024-23897 Jenkins Jenkins Command Line Interface (CLI) Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access … CRÍTICA 2024-08-19
CVE-2024-28986 SolarWinds Web Help Desk SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code ex… CRÍTICA 2024-08-15
CVE-2024-38107 Microsoft Windows Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalati… ALTA 2024-08-13
← Anterior Página 19 / 65 (1623 CVEs total) Siguiente →
[INFO] CVE-2026-45321: Vulnerabilidad crítica en TanStack permite robo de credenciales mediante paquetes npm maliciosos  ·  [INFO] CVE-2026-0257: Bypass de Autenticación Crítico en Palo Alto Networks PAN-OS Explotado Activamente  ·  [INFO] CVE-2024-21182: Vulnerabilidad Crítica en Oracle WebLogic Server Explotada Activamente  ·  [INFO] CVE-2026-45247: Deserialización en Mirasvit Full Page Cache Warmer permite RCE no autenticado  ·  [INFO] CVE-2025-48595: Desbordamiento de Entero en Android Framework con Escalada de Privilegios Local  ·  [INFO] CVE-2026-45321: Vulnerabilidad crítica en TanStack permite robo de credenciales mediante paquetes npm maliciosos  ·  [INFO] CVE-2026-0257: Bypass de Autenticación Crítico en Palo Alto Networks PAN-OS Explotado Activamente  ·  [INFO] CVE-2024-21182: Vulnerabilidad Crítica en Oracle WebLogic Server Explotada Activamente  ·  [INFO] CVE-2026-45247: Deserialización en Mirasvit Full Page Cache Warmer permite RCE no autenticado  ·  [INFO] CVE-2025-48595: Desbordamiento de Entero en Android Framework con Escalada de Privilegios Local  ·