CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

14
CVEs añadidos este mes
1543
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2025-47813 Wing FTP Server Wing FTP Server MEDIA 2026-03-16
CVE-2026-3910 Google Chromium V8 ALTA 2026-03-13
CVE-2026-3909 Google Skia ALTA 2026-03-13
CVE-2025-68613 n8n n8n CRÍTICA 2026-03-11
CVE-2021-22054 Omnissa Workspace One UEM ALTA 2026-03-09
CVE-2025-26399 SolarWinds Web Help Desk CRÍTICA 2026-03-09
CVE-2026-1603 Ivanti Endpoint Manager (EPM) ALTA 2026-03-09
CVE-2017-7921 Hikvision Multiple Products CRÍTICA 2026-03-05
CVE-2021-22681 Rockwell Multiple Products CRÍTICA 2026-03-05
CVE-2023-43000 Apple Multiple Products ALTA 2026-03-05

// top_vendors_afectados

Microsoft
14
Apple
6
Google
5
Cisco
4
Fortinet
4
SolarWinds
3
Broadcom
3
SmarterTools
3
Gladinet
3
Ivanti
2

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2022-21999 Microsoft Windows Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation. ALTA 2022-03-25
CVE-2021-42237 Sitecore XP Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution. CRÍTICA 2022-03-25
CVE-2021-22941 Citrix ShareFile Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely … CRÍTICA 2022-03-25
CVE-2020-9377 D-Link DIR-610 Devices D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php. ALTA 2022-03-25
CVE-2020-9054 Zyxel Multiple Network-Attached Storage (NAS) Devices Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, whi… CRÍTICA 2022-03-25
CVE-2020-7247 OpenBSD OpenSMTPD smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute… CRÍTICA 2022-03-25
CVE-2020-5410 VMware Tanzu Spring Cloud Configuration (Config) Server Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitra… ALTA 2022-03-25
CVE-2020-25223 Sophos SG UTM A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM. CRÍTICA 2022-03-25
CVE-2020-2506 QNAP Systems Helpdesk QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to … ALTA 2022-03-25
CVE-2020-2021 Palo Alto Networks PAN-OS Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication. CRÍTICA 2022-03-25
CVE-2020-1956 Apache Kylin Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execu… ALTA 2022-03-25
CVE-2020-1631 Juniper Junos OS A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewal… ALTA 2022-03-25
CVE-2019-6340 Drupal Core In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP co… ALTA 2022-03-25
CVE-2019-2616 Oracle BI Publisher (Formerly XML Publisher) Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized… ALTA 2022-03-25
CVE-2019-16920 D-Link Multiple Routers Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system comp… CRÍTICA 2022-03-25
CVE-2019-15107 Webmin Webmin An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability. CRÍTICA 2022-03-25
CVE-2019-12991 Citrix SD-WAN and NetScaler Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. ALTA 2022-03-25
CVE-2019-12989 Citrix SD-WAN and NetScaler Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection. CRÍTICA 2022-03-25
CVE-2019-11043 PHP FastCGI Process Manager (FPM) In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past alloca… ALTA 2022-03-25
CVE-2019-10068 Kentico Xperience Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code ex… CRÍTICA 2022-03-25
CVE-2019-1003030 Jenkins Matrix Project Plugin Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity… CRÍTICA 2022-03-25
CVE-2019-0903 Microsoft Graphics Device Interface (GDI) A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles object… ALTA 2022-03-25
CVE-2018-8414 Microsoft Windows A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. ALTA 2022-03-25
CVE-2018-8373 Microsoft Internet Explorer Scripting Engine A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet… ALTA 2022-03-25
CVE-2018-6961 VMware SD-WAN Edge VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful ex… ALTA 2022-03-25
← Anterior Página 40 / 62 (1543 CVEs total) Siguiente →
[INFO] Nueve fallos críticos de KVM IP permiten el acceso root no autenticado en cuatro proveedores...  ·  [INFO] Claude Code Security y Magecart: Cómo definir bien el modelo de amenazas...  ·  [INFO] Tutorial del producto: Cómo Mesh CSMA revela y rompe los caminos de ataque hacia Crown Jewels...  ·  [INFO] El error CVE-2026-3888 de Ubuntu permite a los atacantes hacerse con el root mediante el exploit de sincronización de limpieza de ...  ·  [INFO] Una falla crítica de Telnetd sin parches (CVE-2026-32746) permite la RCE raíz no autenticada a través del puerto 23...  ·  [INFO] Nueve fallos críticos de KVM IP permiten el acceso root no autenticado en cuatro proveedores...  ·  [INFO] Claude Code Security y Magecart: Cómo definir bien el modelo de amenazas...  ·  [INFO] Tutorial del producto: Cómo Mesh CSMA revela y rompe los caminos de ataque hacia Crown Jewels...  ·  [INFO] El error CVE-2026-3888 de Ubuntu permite a los atacantes hacerse con el root mediante el exploit de sincronización de limpieza de ...  ·  [INFO] Una falla crítica de Telnetd sin parches (CVE-2026-32746) permite la RCE raíz no autenticada a través del puerto 23...  ·