CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

14
CVEs añadidos este mes
1543
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2025-47813 Wing FTP Server Wing FTP Server MEDIA 2026-03-16
CVE-2026-3910 Google Chromium V8 ALTA 2026-03-13
CVE-2026-3909 Google Skia ALTA 2026-03-13
CVE-2025-68613 n8n n8n CRÍTICA 2026-03-11
CVE-2021-22054 Omnissa Workspace One UEM ALTA 2026-03-09
CVE-2025-26399 SolarWinds Web Help Desk CRÍTICA 2026-03-09
CVE-2026-1603 Ivanti Endpoint Manager (EPM) ALTA 2026-03-09
CVE-2017-7921 Hikvision Multiple Products CRÍTICA 2026-03-05
CVE-2021-22681 Rockwell Multiple Products CRÍTICA 2026-03-05
CVE-2023-43000 Apple Multiple Products ALTA 2026-03-05

// top_vendors_afectados

Microsoft
14
Apple
6
Google
5
Cisco
4
Fortinet
4
SolarWinds
3
Broadcom
3
SmarterTools
3
Gladinet
3
Ivanti
2

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2022-27925 Synacor Zimbra Collaboration Suite (ZCS) Synacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attac… ALTA 2022-08-11
CVE-2022-37042 Synacor Zimbra Collaboration Suite (ZCS) Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This … CRÍTICA 2022-08-11
CVE-2022-34713 Microsoft Windows A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a callin… ALTA 2022-08-09
CVE-2022-30333 RARLAB UnRAR RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files dur… ALTA 2022-08-09
CVE-2022-27924 Synacor Zimbra Collaboration Suite (ZCS) Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which … ALTA 2022-08-04
CVE-2022-26138 Atlassian Confluence Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A r… CRÍTICA 2022-07-29
CVE-2022-22047 Microsoft Windows Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges. ALTA 2022-07-12
CVE-2022-26925 Microsoft Windows Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the dom… ALTA 2022-07-01
CVE-2022-29499 Mitel MiVoice Connect The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation. CRÍTICA 2022-06-27
CVE-2021-30533 Google Chromium PopupBlocker Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to… MEDIA 2022-06-27
CVE-2021-4034 Red Hat Polkit The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege esca… ALTA 2022-06-27
CVE-2021-30983 Apple iOS and iPadOS Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kerne… ALTA 2022-06-27
CVE-2020-3837 Apple Multiple Products Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application t… ALTA 2022-06-27
CVE-2020-9907 Apple Multiple Products Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code w… ALTA 2022-06-27
CVE-2019-8605 Apple Multiple Products A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute co… ALTA 2022-06-27
CVE-2018-4344 Apple Multiple Products Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution. ALTA 2022-06-27
CVE-2022-30190 Microsoft Windows A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such… ALTA 2022-06-14
CVE-2021-38163 SAP NetWeaver SAP NetWeaver contains a vulnerability that allows unrestricted file upload. CRÍTICA 2022-06-09
CVE-2016-2386 SAP NetWeaver SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arb… CRÍTICA 2022-06-09
CVE-2016-2388 SAP NetWeaver The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user info… MEDIA 2022-06-09
CVE-2019-7195 QNAP Photo Station QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attac… CRÍTICA 2022-06-08
CVE-2019-7194 QNAP Photo Station QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attac… CRÍTICA 2022-06-08
CVE-2019-7193 QNAP QTS QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system. CRÍTICA 2022-06-08
CVE-2019-7192 QNAP Photo Station QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to ga… CRÍTICA 2022-06-08
CVE-2019-5825 Google Chromium V8 Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially ex… MEDIA 2022-06-08
← Anterior Página 31 / 62 (1543 CVEs total) Siguiente →
[INFO] Las fallas de inteligencia artificial en Amazon Bedrock, LangSmith y SGLang permiten la exfiltración de datos y el RCE...  ·  [INFO] El ransomware LeakNet usa ClickFix a través de sitios pirateados e implementa el cargador en memoria Deno...  ·  [INFO] La IA está en todas partes, pero los CISO siguen protegiéndola con las habilidades y herramientas de ayer, según un estudio...  ·  [INFO] Konni implementa EndRAT mediante suplantación de identidad y usa KakaoTalk para propagar malware...  ·  [INFO] La CISA señala la vulnerabilidad Wing FTP explotada activamente que filtra las rutas de los servidores...  ·  [INFO] Las fallas de inteligencia artificial en Amazon Bedrock, LangSmith y SGLang permiten la exfiltración de datos y el RCE...  ·  [INFO] El ransomware LeakNet usa ClickFix a través de sitios pirateados e implementa el cargador en memoria Deno...  ·  [INFO] La IA está en todas partes, pero los CISO siguen protegiéndola con las habilidades y herramientas de ayer, según un estudio...  ·  [INFO] Konni implementa EndRAT mediante suplantación de identidad y usa KakaoTalk para propagar malware...  ·  [INFO] La CISA señala la vulnerabilidad Wing FTP explotada activamente que filtra las rutas de los servidores...  ·