CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

13
CVEs añadidos este mes
1542
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2026-3910 Google Chromium V8 ALTA 2026-03-13
CVE-2026-3909 Google Skia ALTA 2026-03-13
CVE-2025-68613 n8n n8n CRÍTICA 2026-03-11
CVE-2021-22054 Omnissa Workspace One UEM ALTA 2026-03-09
CVE-2025-26399 SolarWinds Web Help Desk CRÍTICA 2026-03-09
CVE-2026-1603 Ivanti Endpoint Manager (EPM) ALTA 2026-03-09
CVE-2017-7921 Hikvision Multiple Products CRÍTICA 2026-03-05
CVE-2021-22681 Rockwell Multiple Products CRÍTICA 2026-03-05
CVE-2023-43000 Apple Multiple Products ALTA 2026-03-05
CVE-2021-30952 Apple Multiple Products ALTA 2026-03-05

// top_vendors_afectados

Microsoft
15
Apple
6
Google
5
Cisco
4
Fortinet
4
SolarWinds
3
Broadcom
3
SmarterTools
3
Gladinet
3
Ivanti
2

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2023-0386 Linux Kernel Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the… ALTA 2025-06-17
CVE-2023-33538 TP-Link Multiple Routers TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the compon… ALTA 2025-06-16
CVE-2025-43200 Apple Multiple Products Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously cra… MEDIA 2025-06-16
CVE-2025-33053 Microsoft Windows Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execu… ALTA 2025-06-10
CVE-2025-24016 Wazuh Wazuh Server Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers. CRÍTICA 2025-06-10
CVE-2024-42009 Roundcube Webmail RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to st… CRÍTICA 2025-06-09
CVE-2025-32433 Erlang Erlang/OTP Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an… CRÍTICA 2025-06-09
CVE-2025-5419 Google Chromium V8 Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potenti… ALTA 2025-06-05
CVE-2025-21479 Qualcomm Multiple Chipsets Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corru… ALTA 2025-06-03
CVE-2025-21480 Qualcomm Multiple Chipsets Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corru… ALTA 2025-06-03
CVE-2025-27038 Qualcomm Multiple Chipsets Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption whil… ALTA 2025-06-03
CVE-2021-32030 ASUS Routers ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to g… CRÍTICA 2025-06-02
CVE-2025-3935 ConnectWise ScreenConnect ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState… ALTA 2025-06-02
CVE-2025-35939 Craft CMS Craft CMS Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow… MEDIA 2025-06-02
CVE-2024-56145 Craft CMS Craft CMS Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution… CRÍTICA 2025-06-02
CVE-2023-39780 ASUS RT-AX55 Routers ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to… ALTA 2025-06-02
CVE-2025-4632 Samsung MagicINFO 9 Server Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as s… CRÍTICA 2025-05-22
CVE-2023-38950 ZKTeco BioTime ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to rea… ALTA 2025-05-19
CVE-2024-27443 Synacor Zimbra Collaboration Suite (ZCS) Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra we… MEDIA 2025-05-19
CVE-2025-27920 Srimax Output Messenger Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files … ALTA 2025-05-19
CVE-2024-11182 MDaemon Email Server MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrar… MEDIA 2025-05-19
CVE-2025-4428 Ivanti Endpoint Manager Mobile (EPMM) Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authe… ALTA 2025-05-19
CVE-2025-4427 Ivanti Endpoint Manager Mobile (EPMM) Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows … MEDIA 2025-05-19
CVE-2025-42999 SAP NetWeaver SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attac… CRÍTICA 2025-05-15
CVE-2024-12987 DrayTek Vigor Routers DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown fun… ALTA 2025-05-15
← Anterior Página 8 / 62 (1542 CVEs total) Siguiente →
[INFO] La puerta trasera de DRILLAPP apunta a Ucrania y abusa de la depuración de Microsoft Edge para realizar espionaje sigiloso...  ·  [INFO] Android 17 bloquea las aplicaciones que no son de accesibilidad de la API de accesibilidad para evitar el abuso de malware...  ·  [INFO] CVE-2025-26399: Vulnerabilidad Crítica de Deserialización en SolarWinds Web Help Desk  ·  [INFO] Vulnerabilidad CVE-2026-1603 en Ivanti EPM: Bypass de Autenticación Crítico  ·  [INFO] CVE-2025-68613: Vulnerabilidad Crítica en n8n para Ejecución Remota de Código  ·  [INFO] La puerta trasera de DRILLAPP apunta a Ucrania y abusa de la depuración de Microsoft Edge para realizar espionaje sigiloso...  ·  [INFO] Android 17 bloquea las aplicaciones que no son de accesibilidad de la API de accesibilidad para evitar el abuso de malware...  ·  [INFO] CVE-2025-26399: Vulnerabilidad Crítica de Deserialización en SolarWinds Web Help Desk  ·  [INFO] Vulnerabilidad CVE-2026-1603 en Ivanti EPM: Bypass de Autenticación Crítico  ·  [INFO] CVE-2025-68613: Vulnerabilidad Crítica en n8n para Ejecución Remota de Código  ·