// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

▶ ¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

🟢 BAJA — 0 CVEs nuevos en el feed reciente
🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

CVEs añadidos este mes

1587

Total KEV catalogados

Vendors afectados

// cves_añadidos_este_mes

CVE	Producto	Criticidad	Añadido
CVE-2026-31431	Linux Kernel	ALTA	2026-05-01

// top_vendors_afectados

Microsoft

19

Cisco

7

Apple

7

Synacor

4

Google

4

Fortinet

3

Ivanti

3

SolarWinds

3

SmarterTools

3

Linux

2

// catalogo_kev_completo

CVE ID	Producto	Descripción	CVSS	Añadido
CVE-2022-40684	Fortinet Multiple Products	Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an…	CRÍTICA	2022-10-11
CVE-2022-41033	Microsoft Windows COM+ Event System Service	Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.	ALTA	2022-10-11
CVE-2022-41082	Microsoft Exchange Server	Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Du…	ALTA	2022-09-30
CVE-2022-41040	Microsoft Exchange Server	Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainab…	ALTA	2022-09-30
CVE-2022-36804	Atlassian Bitbucket Server and Data Center	Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an…	ALTA	2022-09-30
CVE-2022-3236	Sophos Firewall	A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.	CRÍTICA	2022-09-23
CVE-2022-35405	Zoho ManageEngine	Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allow…	CRÍTICA	2022-09-22
CVE-2022-40139	Trend Micro Apex One and Apex One as a Service	Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that cou…	ALTA	2022-09-15
CVE-2013-6282	Linux Kernel	The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM …	ALTA	2022-09-15
CVE-2013-2597	Code Aurora ACDB Audio Driver	The Code Aurora audio calibration database (acdb) audio driver contains a stack-based buffer overflow vulnerability tha…	ALTA	2022-09-15
CVE-2013-2596	Linux Kernel	Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privi…	ALTA	2022-09-15
CVE-2013-2094	Linux Kernel	Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting to out-of-bounds access of the p…	ALTA	2022-09-15
CVE-2010-2568	Microsoft Windows	Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating sys…	ALTA	2022-09-15
CVE-2022-37969	Microsoft Windows	Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege …	ALTA	2022-09-14
CVE-2022-32917	Apple iOS, iPadOS, and macOS	Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application m…	ALTA	2022-09-14
CVE-2022-3075	Google Chromium Mojo	Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has comp…	CRÍTICA	2022-09-08
CVE-2022-27593	QNAP Photo Station	Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource …	CRÍTICA	2022-09-08
CVE-2022-26258	D-Link DIR-820L	D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code…	CRÍTICA	2022-09-08
CVE-2020-9934	Apple iOS, iPadOS, and macOS	Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local at…	MEDIA	2022-09-08
CVE-2018-7445	MikroTik RouterOS	In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote att…	CRÍTICA	2022-09-08
CVE-2018-6530	D-Link Multiple Routers	Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands.	CRÍTICA	2022-09-08
CVE-2018-2628	Oracle WebLogic Server	Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 networ…	CRÍTICA	2022-09-08
CVE-2018-13374	Fortinet FortiOS and FortiADC	Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP…	MEDIA	2022-09-08
CVE-2017-5521	NETGEAR Multiple Devices	Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management serve…	ALTA	2022-09-08
CVE-2011-4723	D-Link DIR-300 Router	The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive info…	MEDIA	2022-09-08

← Anterior Página 31 / 64 (1587 CVEs total) Siguiente →