// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

▶ ¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

🟢 BAJA — 0 CVEs nuevos en el feed reciente
🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

CVEs añadidos este mes

1587

Total KEV catalogados

Vendors afectados

// cves_añadidos_este_mes

CVE	Producto	Criticidad	Añadido
CVE-2026-31431	Linux Kernel	ALTA	2026-05-01

// top_vendors_afectados

Microsoft

19

Cisco

7

Apple

7

Synacor

4

Google

4

Fortinet

3

Ivanti

3

SolarWinds

3

SmarterTools

3

Linux

2

// catalogo_kev_completo

CVE ID	Producto	Descripción	CVSS	Añadido
CVE-2017-10271	Oracle WebLogic Server	Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution.	ALTA	2022-02-10
CVE-2017-0263	Microsoft Win32k	Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properl…	ALTA	2022-02-10
CVE-2017-0262	Microsoft Office	A remote code execution vulnerability exists in Microsoft Office.	ALTA	2022-02-10
CVE-2017-0145	Microsoft SMBv1	The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted p…	ALTA	2022-02-10
CVE-2017-0144	Microsoft SMBv1	The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted p…	ALTA	2022-02-10
CVE-2016-3088	Apache ActiveMQ	The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an …	CRÍTICA	2022-02-10
CVE-2015-2051	D-Link DIR-645 Router	D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings acti…	CRÍTICA	2022-02-10
CVE-2015-1635	Microsoft HTTP.sys	Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.	CRÍTICA	2022-02-10
CVE-2015-1130	Apple OS X	The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and …	ALTA	2022-02-10
CVE-2014-4404	Apple OS X	Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows atta…	ALTA	2022-02-10
CVE-2022-21882	Microsoft Win32k	Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.	ALTA	2022-02-04
CVE-2022-22587	Apple iOS and macOS	Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute…	CRÍTICA	2022-01-28
CVE-2021-20038	SonicWall SMA 100 Appliances	SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitat…	CRÍTICA	2022-01-28
CVE-2020-5722	Grandstream UCM6200	Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitat…	CRÍTICA	2022-01-28
CVE-2020-0787	Microsoft Windows	Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links.…	ALTA	2022-01-28
CVE-2017-5689	Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability	Intel products contain a vulnerability which can allow attackers to perform privilege escalation.	CRÍTICA	2022-01-28
CVE-2014-1776	Microsoft Internet Explorer	Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in …	CRÍTICA	2022-01-28
CVE-2014-6271	GNU Bourne-Again Shell (Bash)	GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, whic…	CRÍTICA	2022-01-28
CVE-2014-7169	GNU Bourne-Again Shell (Bash)	GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, whic…	CRÍTICA	2022-01-28
CVE-2006-1547	Apache Struts 1	ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of…	ALTA	2022-01-21
CVE-2012-0391	Apache Struts 2	The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability …	CRÍTICA	2022-01-21
CVE-2018-8453	Microsoft Win32k	Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.	ALTA	2022-01-21
CVE-2021-35247	SolarWinds Serv-U	SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers …	MEDIA	2022-01-21
CVE-2021-32648	October CMS October CMS	In affected versions of the october/system package an attacker can request an account password reset and then gain acce…	ALTA	2022-01-18
CVE-2021-25296	Nagios Nagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	ALTA	2022-01-18

← Anterior Página 50 / 64 (1587 CVEs total) Siguiente →