CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

14
CVEs añadidos este mes
1543
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2025-47813 Wing FTP Server Wing FTP Server MEDIA 2026-03-16
CVE-2026-3910 Google Chromium V8 ALTA 2026-03-13
CVE-2026-3909 Google Skia ALTA 2026-03-13
CVE-2025-68613 n8n n8n CRÍTICA 2026-03-11
CVE-2021-22054 Omnissa Workspace One UEM ALTA 2026-03-09
CVE-2025-26399 SolarWinds Web Help Desk CRÍTICA 2026-03-09
CVE-2026-1603 Ivanti Endpoint Manager (EPM) ALTA 2026-03-09
CVE-2017-7921 Hikvision Multiple Products CRÍTICA 2026-03-05
CVE-2021-22681 Rockwell Multiple Products CRÍTICA 2026-03-05
CVE-2023-43000 Apple Multiple Products ALTA 2026-03-05

// top_vendors_afectados

Microsoft
14
Apple
6
Google
5
Cisco
4
Fortinet
4
SolarWinds
3
Broadcom
3
SmarterTools
3
Gladinet
3
Ivanti
2

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2018-7445 MikroTik RouterOS In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote att… CRÍTICA 2022-09-08
CVE-2018-6530 D-Link Multiple Routers Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands. CRÍTICA 2022-09-08
CVE-2018-2628 Oracle WebLogic Server Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 networ… CRÍTICA 2022-09-08
CVE-2018-13374 Fortinet FortiOS and FortiADC Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP… MEDIA 2022-09-08
CVE-2017-5521 NETGEAR Multiple Devices Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management serve… ALTA 2022-09-08
CVE-2011-4723 D-Link DIR-300 Router The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive info… MEDIA 2022-09-08
CVE-2011-1823 Android Android OS The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to … ALTA 2022-09-08
CVE-2022-26352 dotCMS dotCMS dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for … CRÍTICA 2022-08-25
CVE-2022-24706 Apache CouchDB Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to esc… CRÍTICA 2022-08-25
CVE-2022-24112 Apache APISIX Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution. CRÍTICA 2022-08-25
CVE-2022-22963 VMware Tanzu Spring Cloud When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specia… CRÍTICA 2022-08-25
CVE-2022-2294 WebRTC WebRTC WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vul… ALTA 2022-08-25
CVE-2021-39226 Grafana Labs Grafana Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and… CRÍTICA 2022-08-25
CVE-2021-38406 Delta Electronics DOPSoft 2 Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper… ALTA 2022-08-25
CVE-2021-31010 Apple iOS, macOS, watchOS In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictio… ALTA 2022-08-25
CVE-2020-36193 PEAR Archive_Tar PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links.… ALTA 2022-08-25
CVE-2020-28949 PEAR Archive_Tar PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PH… ALTA 2022-08-25
CVE-2022-0028 Palo Alto Networks PAN-OS A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct refle… ALTA 2022-08-22
CVE-2022-22536 SAP Multiple Products SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP… CRÍTICA 2022-08-18
CVE-2022-32894 Apple iOS and macOS Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with k… ALTA 2022-08-18
CVE-2022-32893 Apple iOS and macOS Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when proces… ALTA 2022-08-18
CVE-2022-2856 Google Chromium Intents Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attac… MEDIA 2022-08-18
CVE-2022-26923 Microsoft Active Directory An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate fr… ALTA 2022-08-18
CVE-2022-21971 Microsoft Windows Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution. ALTA 2022-08-18
CVE-2017-15944 Palo Alto Networks PAN-OS Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when… CRÍTICA 2022-08-18
← Anterior Página 30 / 62 (1543 CVEs total) Siguiente →
[INFO] Las fallas de inteligencia artificial en Amazon Bedrock, LangSmith y SGLang permiten la exfiltración de datos y el RCE...  ·  [INFO] El ransomware LeakNet usa ClickFix a través de sitios pirateados e implementa el cargador en memoria Deno...  ·  [INFO] La IA está en todas partes, pero los CISO siguen protegiéndola con las habilidades y herramientas de ayer, según un estudio...  ·  [INFO] Konni implementa EndRAT mediante suplantación de identidad y usa KakaoTalk para propagar malware...  ·  [INFO] La CISA señala la vulnerabilidad Wing FTP explotada activamente que filtra las rutas de los servidores...  ·  [INFO] Las fallas de inteligencia artificial en Amazon Bedrock, LangSmith y SGLang permiten la exfiltración de datos y el RCE...  ·  [INFO] El ransomware LeakNet usa ClickFix a través de sitios pirateados e implementa el cargador en memoria Deno...  ·  [INFO] La IA está en todas partes, pero los CISO siguen protegiéndola con las habilidades y herramientas de ayer, según un estudio...  ·  [INFO] Konni implementa EndRAT mediante suplantación de identidad y usa KakaoTalk para propagar malware...  ·  [INFO] La CISA señala la vulnerabilidad Wing FTP explotada activamente que filtra las rutas de los servidores...  ·