// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

▶ ¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

🟢 BAJA — 0 CVEs nuevos en el feed reciente
🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

CVEs añadidos este mes

1587

Total KEV catalogados

Vendors afectados

// cves_añadidos_este_mes

CVE	Producto	Criticidad	Añadido
CVE-2026-31431	Linux Kernel	ALTA	2026-05-01

// top_vendors_afectados

Microsoft

19

Cisco

7

Apple

7

Synacor

4

Google

4

Fortinet

3

Ivanti

3

SolarWinds

3

SmarterTools

3

Linux

2

// catalogo_kev_completo

CVE ID	Producto	Descripción	CVSS	Añadido
CVE-2022-33891	Apache Spark	Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) …	ALTA	2023-03-07
CVE-2022-35914	Teclib GLPI	Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed.	CRÍTICA	2023-03-07
CVE-2022-36537	ZK Framework AuUploader	ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the cont…	ALTA	2023-02-27
CVE-2022-47986	IBM Aspera Faspex	IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.	CRÍTICA	2023-02-21
CVE-2022-41223	Mitel MiVoice Connect	The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execut…	MEDIA	2023-02-21
CVE-2022-40765	Mitel MiVoice Connect	The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to ex…	MEDIA	2023-02-21
CVE-2022-46169	Cacti Cacti	Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code.	CRÍTICA	2023-02-16
CVE-2023-21715	Microsoft Office	Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated atta…	ALTA	2023-02-14
CVE-2023-23376	Microsoft Windows	Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege …	ALTA	2023-02-14
CVE-2023-23529	Apple Multiple Products	Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when pro…	ALTA	2023-02-14
CVE-2023-21823	Microsoft Windows	Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation.	ALTA	2023-02-14
CVE-2015-2291	Intel Ethernet Diagnostics Driver for Windows	Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allow…	ALTA	2023-02-10
CVE-2022-24990	TerraMaster TerraMaster OS	TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute command…	ALTA	2023-02-10
CVE-2023-0669	Fortra GoAnywhere MFT	Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the …	ALTA	2023-02-10
CVE-2022-21587	Oracle E-Business Suite	Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network acce…	CRÍTICA	2023-02-02
CVE-2023-22952	SugarCRM Multiple Products	Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially craft…	ALTA	2023-02-02
CVE-2017-11357	Telerik User Interface (UI) for ASP.NET AJAX	Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can resul…	CRÍTICA	2023-01-26
CVE-2022-47966	Zoho ManageEngine	Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of …	CRÍTICA	2023-01-23
CVE-2022-44877	CWP Control Web Panel	CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote att…	CRÍTICA	2023-01-17
CVE-2022-41080	Microsoft Exchange Server	Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerabilit…	ALTA	2023-01-10
CVE-2023-21674	Microsoft Windows	Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege …	ALTA	2023-01-10
CVE-2018-5430	TIBCO JasperReports	TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the conte…	ALTA	2022-12-29
CVE-2018-18809	TIBCO JasperReports	TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access cont…	MEDIA	2022-12-29
CVE-2022-42856	Apple iOS	Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execu…	ALTA	2022-12-14
CVE-2022-42475	Fortinet FortiOS	Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an una…	CRÍTICA	2022-12-13

← Anterior Página 29 / 64 (1587 CVEs total) Siguiente →