// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

▶ ¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

🟢 BAJA — 0 CVEs nuevos en el feed reciente
🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

CVEs añadidos este mes

1587

Total KEV catalogados

Vendors afectados

// cves_añadidos_este_mes

CVE	Producto	Criticidad	Añadido
CVE-2026-31431	Linux Kernel	ALTA	2026-05-01

// top_vendors_afectados

Microsoft

19

Cisco

7

Apple

7

Synacor

4

Google

4

Fortinet

3

Ivanti

3

SolarWinds

3

SmarterTools

3

Linux

2

// catalogo_kev_completo

CVE ID	Producto	Descripción	CVSS	Añadido
CVE-2020-5410	VMware Tanzu Spring Cloud Configuration (Config) Server	Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitra…	ALTA	2022-03-25
CVE-2020-25223	Sophos SG UTM	A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.	CRÍTICA	2022-03-25
CVE-2020-2506	QNAP Systems Helpdesk	QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to …	ALTA	2022-03-25
CVE-2020-2021	Palo Alto Networks PAN-OS	Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.	CRÍTICA	2022-03-25
CVE-2020-1956	Apache Kylin	Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execu…	ALTA	2022-03-25
CVE-2020-1631	Juniper Junos OS	A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewal…	ALTA	2022-03-25
CVE-2019-6340	Drupal Core	In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP co…	ALTA	2022-03-25
CVE-2019-2616	Oracle BI Publisher (Formerly XML Publisher)	Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized…	ALTA	2022-03-25
CVE-2019-16920	D-Link Multiple Routers	Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system comp…	CRÍTICA	2022-03-25
CVE-2019-15107	Webmin Webmin	An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.	CRÍTICA	2022-03-25
CVE-2019-12991	Citrix SD-WAN and NetScaler	Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.	ALTA	2022-03-25
CVE-2019-12989	Citrix SD-WAN and NetScaler	Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.	CRÍTICA	2022-03-25
CVE-2019-11043	PHP FastCGI Process Manager (FPM)	In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past alloca…	ALTA	2022-03-25
CVE-2019-10068	Kentico Xperience	Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code ex…	CRÍTICA	2022-03-25
CVE-2019-1003030	Jenkins Matrix Project Plugin	Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity…	CRÍTICA	2022-03-25
CVE-2019-0903	Microsoft Graphics Device Interface (GDI)	A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles object…	ALTA	2022-03-25
CVE-2018-8414	Microsoft Windows	A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.	ALTA	2022-03-25
CVE-2018-8373	Microsoft Internet Explorer Scripting Engine	A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet…	ALTA	2022-03-25
CVE-2018-6961	VMware SD-WAN Edge	VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful ex…	ALTA	2022-03-25
CVE-2018-14839	LG N1A1 NAS	LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability.	CRÍTICA	2022-03-25
CVE-2018-1273	VMware Tanzu Spring Data Commons	Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code executi…	CRÍTICA	2022-03-25
CVE-2018-11138	Quest KACE System Management Appliance	The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonym…	CRÍTICA	2022-03-25
CVE-2018-0147	Cisco Secure Access Control System (ACS)	A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated…	CRÍTICA	2022-03-25
CVE-2018-0125	Cisco VPN Routers	A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execut…	CRÍTICA	2022-03-25
CVE-2017-6334	NETGEAR DGN2200 Devices	dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute a…	ALTA	2022-03-25

← Anterior Página 42 / 64 (1587 CVEs total) Siguiente →