CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

14
CVEs añadidos este mes
1543
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2025-47813 Wing FTP Server Wing FTP Server MEDIA 2026-03-16
CVE-2026-3910 Google Chromium V8 ALTA 2026-03-13
CVE-2026-3909 Google Skia ALTA 2026-03-13
CVE-2025-68613 n8n n8n CRÍTICA 2026-03-11
CVE-2021-22054 Omnissa Workspace One UEM ALTA 2026-03-09
CVE-2025-26399 SolarWinds Web Help Desk CRÍTICA 2026-03-09
CVE-2026-1603 Ivanti Endpoint Manager (EPM) ALTA 2026-03-09
CVE-2017-7921 Hikvision Multiple Products CRÍTICA 2026-03-05
CVE-2021-22681 Rockwell Multiple Products CRÍTICA 2026-03-05
CVE-2023-43000 Apple Multiple Products ALTA 2026-03-05

// top_vendors_afectados

Microsoft
14
Apple
6
Google
5
Cisco
4
Fortinet
4
SolarWinds
3
Broadcom
3
SmarterTools
3
Gladinet
3
Ivanti
2

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2023-23397 Microsoft Office Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against anot… CRÍTICA 2023-03-14
CVE-2023-24880 Microsoft Windows Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Ma… MEDIA 2023-03-14
CVE-2022-41328 Fortinet FortiOS Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write f… MEDIA 2023-03-14
CVE-2021-39144 XStream XStream XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream… ALTA 2023-03-10
CVE-2020-5741 Plex Media Server Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server admi… ALTA 2023-03-10
CVE-2022-28810 Zoho ManageEngine Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when perf… MEDIA 2023-03-07
CVE-2022-33891 Apache Spark Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) … ALTA 2023-03-07
CVE-2022-35914 Teclib GLPI Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed. CRÍTICA 2023-03-07
CVE-2022-36537 ZK Framework AuUploader ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the cont… ALTA 2023-02-27
CVE-2022-47986 IBM Aspera Faspex IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw. CRÍTICA 2023-02-21
CVE-2022-41223 Mitel MiVoice Connect The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execut… MEDIA 2023-02-21
CVE-2022-40765 Mitel MiVoice Connect The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to ex… MEDIA 2023-02-21
CVE-2022-46169 Cacti Cacti Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code. CRÍTICA 2023-02-16
CVE-2023-21715 Microsoft Office Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated atta… ALTA 2023-02-14
CVE-2023-23376 Microsoft Windows Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege … ALTA 2023-02-14
CVE-2023-23529 Apple Multiple Products Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when pro… ALTA 2023-02-14
CVE-2023-21823 Microsoft Windows Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation. ALTA 2023-02-14
CVE-2015-2291 Intel Ethernet Diagnostics Driver for Windows Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allow… ALTA 2023-02-10
CVE-2022-24990 TerraMaster TerraMaster OS TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute command… ALTA 2023-02-10
CVE-2023-0669 Fortra GoAnywhere MFT Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the … ALTA 2023-02-10
CVE-2022-21587 Oracle E-Business Suite Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network acce… CRÍTICA 2023-02-02
CVE-2023-22952 SugarCRM Multiple Products Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially craft… ALTA 2023-02-02
CVE-2017-11357 Telerik User Interface (UI) for ASP.NET AJAX Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can resul… CRÍTICA 2023-01-26
CVE-2022-47966 Zoho ManageEngine Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of … CRÍTICA 2023-01-23
CVE-2022-44877 CWP Control Web Panel CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote att… CRÍTICA 2023-01-17
← Anterior Página 27 / 62 (1543 CVEs total) Siguiente →
[INFO] Las fallas de inteligencia artificial en Amazon Bedrock, LangSmith y SGLang permiten la exfiltración de datos y el RCE...  ·  [INFO] El ransomware LeakNet usa ClickFix a través de sitios pirateados e implementa el cargador en memoria Deno...  ·  [INFO] La IA está en todas partes, pero los CISO siguen protegiéndola con las habilidades y herramientas de ayer, según un estudio...  ·  [INFO] Konni implementa EndRAT mediante suplantación de identidad y usa KakaoTalk para propagar malware...  ·  [INFO] La CISA señala la vulnerabilidad Wing FTP explotada activamente que filtra las rutas de los servidores...  ·  [INFO] Las fallas de inteligencia artificial en Amazon Bedrock, LangSmith y SGLang permiten la exfiltración de datos y el RCE...  ·  [INFO] El ransomware LeakNet usa ClickFix a través de sitios pirateados e implementa el cargador en memoria Deno...  ·  [INFO] La IA está en todas partes, pero los CISO siguen protegiéndola con las habilidades y herramientas de ayer, según un estudio...  ·  [INFO] Konni implementa EndRAT mediante suplantación de identidad y usa KakaoTalk para propagar malware...  ·  [INFO] La CISA señala la vulnerabilidad Wing FTP explotada activamente que filtra las rutas de los servidores...  ·