CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

16
CVEs añadidos este mes
1623
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2026-20253 Splunk Enterprise CRÍTICA 2026-06-18
CVE-2026-48907 Widget Factory Joomla Content Editor CRÍTICA 2026-06-16
CVE-2026-54420 LiteSpeed cPanel Plugin ALTA 2026-06-15
CVE-2026-20262 Cisco Catalyst SD-WAN Manager MEDIA 2026-06-15
CVE-2026-35273 Oracle PeopleSoft Enterprise PeopleTools CRÍTICA 2026-06-12
CVE-2026-10520 Ivanti Sentry CRÍTICA 2026-06-11
CVE-2026-11645 Google Chromium V8 ALTA 2026-06-09
CVE-2026-7473 Arista Extensible Operating System MEDIA 2026-06-09
CVE-2026-20245 Cisco Catalyst SD-WAN Manager ALTA 2026-06-09
CVE-2026-42271 BerriAI LiteLLM ALTA 2026-06-08

// top_vendors_afectados

Microsoft
16
Cisco
9
Apple
6
Ivanti
4
Google
4
Adobe
3
LiteSpeed
2
Oracle
2
BerriAI
2
SolarWinds
2

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2024-3400 Palo Alto Networks PAN-OS Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticat… CRÍTICA 2024-04-12
CVE-2024-3273 D-Link Multiple NAS Devices D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024… ALTA 2024-04-11
CVE-2024-3272 D-Link Multiple NAS Devices D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contains a hard-coded credential that allows an attacker to conduct au… CRÍTICA 2024-04-11
CVE-2024-29748 Android Pixel Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset trigge… ALTA 2024-04-04
CVE-2024-29745 Android Pixel Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flas… MEDIA 2024-04-04
CVE-2023-24955 Microsoft SharePoint Server Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Own… ALTA 2024-03-26
CVE-2019-7256 Nice Linear eMerge E3-Series Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote c… CRÍTICA 2024-03-25
CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauth… CRÍTICA 2024-03-25
CVE-2023-48788 Fortinet FortiClient EMS Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute comm… CRÍTICA 2024-03-25
CVE-2024-27198 JetBrains TeamCity JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions. CRÍTICA 2024-03-07
CVE-2024-23225 Apple Multiple Products Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an a… ALTA 2024-03-06
CVE-2024-23296 Apple Multiple Products Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker wit… ALTA 2024-03-06
CVE-2023-21237 Android Pixel Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, prov… MEDIA 2024-03-05
CVE-2021-36380 Sunhillo SureLine Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service o… CRÍTICA 2024-03-05
CVE-2024-21338 Microsoft Windows Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (inp… ALTA 2024-03-04
CVE-2023-29360 Microsoft Streaming Service Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalatio… ALTA 2024-02-29
CVE-2024-1709 ConnectWise ScreenConnect ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access t… CRÍTICA 2024-02-22
CVE-2020-3259 Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerabil… ALTA 2024-02-15
CVE-2024-21410 Microsoft Exchange Server Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. CRÍTICA 2024-02-15
CVE-2024-21412 Microsoft Windows Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypa… ALTA 2024-02-13
CVE-2024-21351 Microsoft Windows Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Sm… ALTA 2024-02-13
CVE-2023-43770 Roundcube Webmail Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosur… MEDIA 2024-02-12
CVE-2024-21762 Fortinet FortiOS Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute … CRÍTICA 2024-02-09
CVE-2023-4762 Google Chromium V8 Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted … ALTA 2024-02-06
CVE-2022-48618 Apple Multiple Products Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerabilit… ALTA 2024-01-31
← Anterior Página 22 / 65 (1623 CVEs total) Siguiente →
[INFO] CVE-2026-45321: Vulnerabilidad crítica en TanStack permite robo de credenciales mediante paquetes npm maliciosos  ·  [INFO] CVE-2026-0257: Bypass de Autenticación Crítico en Palo Alto Networks PAN-OS Explotado Activamente  ·  [INFO] CVE-2024-21182: Vulnerabilidad Crítica en Oracle WebLogic Server Explotada Activamente  ·  [INFO] CVE-2026-45247: Deserialización en Mirasvit Full Page Cache Warmer permite RCE no autenticado  ·  [INFO] CVE-2025-48595: Desbordamiento de Entero en Android Framework con Escalada de Privilegios Local  ·  [INFO] CVE-2026-45321: Vulnerabilidad crítica en TanStack permite robo de credenciales mediante paquetes npm maliciosos  ·  [INFO] CVE-2026-0257: Bypass de Autenticación Crítico en Palo Alto Networks PAN-OS Explotado Activamente  ·  [INFO] CVE-2024-21182: Vulnerabilidad Crítica en Oracle WebLogic Server Explotada Activamente  ·  [INFO] CVE-2026-45247: Deserialización en Mirasvit Full Page Cache Warmer permite RCE no autenticado  ·  [INFO] CVE-2025-48595: Desbordamiento de Entero en Android Framework con Escalada de Privilegios Local  ·