CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

16
CVEs añadidos este mes
1545
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2025-66376 Synacor Zimbra Collaboration Suite (ZCS) ALTA 2026-03-18
CVE-2026-20963 Microsoft SharePoint ALTA 2026-03-18
CVE-2025-47813 Wing FTP Server Wing FTP Server MEDIA 2026-03-16
CVE-2026-3910 Google Chromium V8 ALTA 2026-03-13
CVE-2026-3909 Google Skia ALTA 2026-03-13
CVE-2025-68613 n8n n8n CRÍTICA 2026-03-11
CVE-2021-22054 Omnissa Workspace One UEM ALTA 2026-03-09
CVE-2025-26399 SolarWinds Web Help Desk CRÍTICA 2026-03-09
CVE-2026-1603 Ivanti Endpoint Manager (EPM) ALTA 2026-03-09
CVE-2017-7921 Hikvision Multiple Products CRÍTICA 2026-03-05

// top_vendors_afectados

Microsoft
15
Apple
6
Google
5
Cisco
4
Fortinet
4
Synacor
3
SolarWinds
3
Broadcom
3
SmarterTools
3
Gladinet
3

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2018-14847 MikroTik RouterOS MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated… CRÍTICA 2021-12-01
CVE-2021-37415 Zoho ManageEngine ServiceDesk Plus (SDP) Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs … CRÍTICA 2021-12-01
CVE-2021-40438 Apache Apache A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. T… CRÍTICA 2021-12-01
CVE-2021-44077 Zoho ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014… CRÍTICA 2021-12-01
CVE-2021-22204 Perl Exiftool Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code exe… MEDIA 2021-11-17
CVE-2021-40449 Microsoft Windows Unspecified vulnerability allows for an authenticated user to escalate privileges. ALTA 2021-11-17
CVE-2021-42321 Microsoft Exchange An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform … ALTA 2021-11-17
CVE-2021-42292 Microsoft Office A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution. ALTA 2021-11-17
CVE-2021-27104 Accellion FTA Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endp… CRÍTICA 2021-11-03
CVE-2021-27102 Accellion FTA Accellion FTA contains an OS command injection vulnerability exploited via a local web service call. ALTA 2021-11-03
CVE-2021-27101 Accellion FTA Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.… CRÍTICA 2021-11-03
CVE-2021-27103 Accellion FTA Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmPro… CRÍTICA 2021-11-03
CVE-2021-21017 Adobe Acrobat and Reader Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attac… ALTA 2021-11-03
CVE-2021-28550 Adobe Acrobat and Reader Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achiev… ALTA 2021-11-03
CVE-2018-4939 Adobe ColdFusion Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution. CRÍTICA 2021-11-03
CVE-2018-15961 Adobe ColdFusion Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution. CRÍTICA 2021-11-03
CVE-2018-4878 Adobe Flash Player Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution. ALTA 2021-11-03
CVE-2020-5735 Amcrest Cameras and Network Video Recorder (NVR) Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthent… ALTA 2021-11-03
CVE-2019-2215 Android Android Kernel Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an applica… ALTA 2021-11-03
CVE-2020-0041 Android Android Kernel Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds … ALTA 2021-11-03
CVE-2020-0069 MediaTek Multiple Chipsets Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions… ALTA 2021-11-03
CVE-2017-9805 Apache Struts Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filte… ALTA 2021-11-03
CVE-2021-42013 Apache HTTP Server Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if … CRÍTICA 2021-11-03
CVE-2021-41773 Apache HTTP Server Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if … CRÍTICA 2021-11-03
CVE-2019-0211 Apache HTTP Server Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (in… ALTA 2021-11-03
← Anterior Página 51 / 62 (1545 CVEs total) Siguiente →
[INFO] La CISA advierte sobre las vulnerabilidades de Zimbra y SharePoint; los ataques de ransomware son un éxito de día cero para Cisco...  ·  [INFO] CVE-2026-20963: Vulnerabilidad Crítica en Microsoft SharePoint Explotada Activamente  ·  [INFO] La OFAC sanciona a una red de trabajadores de TI de la RPDC que financia programas de armas de destrucción masiva mediante falsos ...  ·  [INFO] CVE-2025-66376: Vulnerabilidad XSS en Synacor Zimbra Collaboration Suite  ·  [INFO] El ransomware Interlock aprovecha el CVE-2026-20131 de día cero de Cisco FMC para acceder a la raíz...  ·  [INFO] La CISA advierte sobre las vulnerabilidades de Zimbra y SharePoint; los ataques de ransomware son un éxito de día cero para Cisco...  ·  [INFO] CVE-2026-20963: Vulnerabilidad Crítica en Microsoft SharePoint Explotada Activamente  ·  [INFO] La OFAC sanciona a una red de trabajadores de TI de la RPDC que financia programas de armas de destrucción masiva mediante falsos ...  ·  [INFO] CVE-2025-66376: Vulnerabilidad XSS en Synacor Zimbra Collaboration Suite  ·  [INFO] El ransomware Interlock aprovecha el CVE-2026-20131 de día cero de Cisco FMC para acceder a la raíz...  ·