// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

▶ ¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

🟢 BAJA — 0 CVEs nuevos en el feed reciente
🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

CVEs añadidos este mes

1587

Total KEV catalogados

Vendors afectados

// cves_añadidos_este_mes

CVE	Producto	Criticidad	Añadido
CVE-2026-31431	Linux Kernel	ALTA	2026-05-01

// top_vendors_afectados

Microsoft

19

Cisco

7

Apple

7

Synacor

4

Google

4

Fortinet

3

Ivanti

3

SolarWinds

3

SmarterTools

3

Linux

2

// catalogo_kev_completo

CVE ID	Producto	Descripción	CVSS	Añadido
CVE-2021-25297	Nagios Nagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	ALTA	2022-01-18
CVE-2021-25298	Nagios Nagios XI	Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.	ALTA	2022-01-18
CVE-2021-40870	Aviatrix Aviatrix Controller	Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitr…	CRÍTICA	2022-01-18
CVE-2021-33766	Microsoft Exchange Server	Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker …	ALTA	2022-01-18
CVE-2021-21975	VMware vRealize Operations Manager API	Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with net…	ALTA	2022-01-18
CVE-2021-21315	Npm package System Information Library for Node.JS	In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful …	ALTA	2022-01-18
CVE-2021-22991	F5 BIG-IP Traffic Management Microkernel	The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassin…	CRÍTICA	2022-01-18
CVE-2020-14864	Oracle Intelligence Enterprise Edition	Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage functi…	ALTA	2022-01-18
CVE-2020-13671	Drupal Drupal core	Improper sanitization in the extension file names is present in Drupal core.	ALTA	2022-01-18
CVE-2020-11978	Apache Airflow	A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.	ALTA	2022-01-18
CVE-2020-13927	Apache Airflow's Experimental API	The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.	CRÍTICA	2022-01-18
CVE-2021-22017	VMware vCenter Server	Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.	MEDIA	2022-01-10
CVE-2021-36260	Hikvision Security cameras web server	A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.	CRÍTICA	2022-01-10
CVE-2020-6572	Google Chrome Media	Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted…	ALTA	2022-01-10
CVE-2019-1458	Microsoft Win32k	A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in me…	ALTA	2022-01-10
CVE-2013-3900	Microsoft WinVerifyTrust function	A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode s…	MEDIA	2022-01-10
CVE-2019-2725	Oracle WebLogic Server	Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services…	CRÍTICA	2022-01-10
CVE-2019-9670	Synacor Zimbra Collaboration Suite (ZCS)	Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in…	CRÍTICA	2022-01-10
CVE-2018-13382	Fortinet FortiOS and FortiProxy	An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthent…	CRÍTICA	2022-01-10
CVE-2018-13383	Fortinet FortiOS and FortiProxy	A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in u…	MEDIA	2022-01-10
CVE-2019-1579	Palo Alto Networks PAN-OS	Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.	ALTA	2022-01-10
CVE-2019-10149	Exim Mail Transfer Agent (MTA)	Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command exe…	CRÍTICA	2022-01-10
CVE-2015-7450	IBM WebSphere Application Server and Server Hypervisor Edition	Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and…	CRÍTICA	2022-01-10
CVE-2017-1000486	Primetek Primefaces Application	Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution	CRÍTICA	2022-01-10
CVE-2019-7609	Elastic Kibana	Kibana contain an arbitrary code execution flaw in the Timelion visualizer.	CRÍTICA	2022-01-10

← Anterior Página 51 / 64 (1587 CVEs total) Siguiente →