CIBERPLANETA_
// threat_intelligence_dashboard

Dashboard de Amenazas

Vulnerabilidades activamente explotadas según el catálogo CISA KEV (Known Exploited Vulnerabilities)

¿Cómo se calcula el nivel de amenaza global?

El nivel de amenaza global mostrado en la barra de navegación se calcula en base al número de CVEs activamente explotados publicados en el catálogo CISA KEV (Known Exploited Vulnerabilities) durante las últimas horas:

  • 🟢 BAJA — 0 CVEs nuevos en el feed reciente
  • 🟡 MEDIA — 1 a 2 CVEs nuevos activamente explotados
  • 🟠 ALTA — 3 a 4 CVEs nuevos activamente explotados
  • 🔴 CRÍTICA — 5 o más CVEs nuevos activamente explotados

Fuente: CISA Known Exploited Vulnerabilities Catalog — actualizado cada hora.

13
CVEs añadidos este mes
1542
Total KEV catalogados
10
Vendors afectados

// cves_añadidos_este_mes

CVE Producto Criticidad Añadido
CVE-2026-3910 Google Chromium V8 ALTA 2026-03-13
CVE-2026-3909 Google Skia ALTA 2026-03-13
CVE-2025-68613 n8n n8n CRÍTICA 2026-03-11
CVE-2021-22054 Omnissa Workspace One UEM ALTA 2026-03-09
CVE-2025-26399 SolarWinds Web Help Desk CRÍTICA 2026-03-09
CVE-2026-1603 Ivanti Endpoint Manager (EPM) ALTA 2026-03-09
CVE-2017-7921 Hikvision Multiple Products CRÍTICA 2026-03-05
CVE-2021-22681 Rockwell Multiple Products CRÍTICA 2026-03-05
CVE-2023-43000 Apple Multiple Products ALTA 2026-03-05
CVE-2021-30952 Apple Multiple Products ALTA 2026-03-05

// top_vendors_afectados

Microsoft
15
Apple
6
Google
5
Cisco
4
Fortinet
4
SolarWinds
3
Broadcom
3
SmarterTools
3
Gladinet
3
Ivanti
2

// catalogo_kev_completo

CVE ID Producto Descripción CVSS Añadido
CVE-2025-32756 Fortinet Multiple Products Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a re… CRÍTICA 2025-05-14
CVE-2025-32709 Microsoft Windows Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authoriz… ALTA 2025-05-13
CVE-2025-30397 Microsoft Windows Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to exec… ALTA 2025-05-13
CVE-2025-32706 Microsoft Windows Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows … ALTA 2025-05-13
CVE-2025-32701 Microsoft Windows Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorize… ALTA 2025-05-13
CVE-2025-30400 Microsoft Windows Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevat… ALTA 2025-05-13
CVE-2025-47729 TeleMessage TM SGNL TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies… BAJA 2025-05-12
CVE-2024-11120 GeoVision Multiple Devices Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker… CRÍTICA 2025-05-07
CVE-2024-6047 GeoVision Multiple Devices Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker… CRÍTICA 2025-05-07
CVE-2025-27363 FreeType FreeType FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to Tru… ALTA 2025-05-06
CVE-2025-3248 Langflow Langflow Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, un… CRÍTICA 2025-05-05
CVE-2025-34028 Commvault Command Center Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to exec… CRÍTICA 2025-05-02
CVE-2024-58136 Yiiframework Yii Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execu… CRÍTICA 2025-05-02
CVE-2024-38475 Apache HTTP Server Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map … CRÍTICA 2025-05-01
CVE-2023-44221 SonicWall SMA100 Appliances SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allo… ALTA 2025-05-01
CVE-2025-31324 SAP NetWeaver SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unaut… CRÍTICA 2025-04-29
CVE-2025-1976 Broadcom Brocade Fabric OS Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privile… MEDIA 2025-04-28
CVE-2025-42599 Qualitia Active! Mail Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attack… CRÍTICA 2025-04-28
CVE-2025-3928 Commvault Web Server Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and e… ALTA 2025-04-28
CVE-2025-24054 Microsoft Windows Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized atta… MEDIA 2025-04-17
CVE-2025-31201 Apple Multiple Products Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an att… CRÍTICA 2025-04-17
CVE-2025-31200 Apple Multiple Products Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execu… CRÍTICA 2025-04-17
CVE-2021-20035 SonicWall SMA100 Appliances SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a rem… MEDIA 2025-04-16
CVE-2024-53150 Linux Kernel Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attac… ALTA 2025-04-09
CVE-2024-53197 Linux Kernel Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physic… ALTA 2025-04-09
← Anterior Página 9 / 62 (1542 CVEs total) Siguiente →
[INFO] Las campañas de ClickFix difunden MacSync macOS Infostealer a través de instaladores de herramientas de inteligencia artificial fa...  ·  [INFO] Por qué la validación de seguridad se está convirtiendo en una agencia...  ·  [INFO] La puerta trasera de DRILLAPP apunta a Ucrania y abusa de la depuración de Microsoft Edge para realizar espionaje sigiloso...  ·  [INFO] Android 17 bloquea las aplicaciones que no son de accesibilidad de la API de accesibilidad para evitar el abuso de malware...  ·  [INFO] CVE-2025-26399: Vulnerabilidad Crítica de Deserialización en SolarWinds Web Help Desk  ·  [INFO] Las campañas de ClickFix difunden MacSync macOS Infostealer a través de instaladores de herramientas de inteligencia artificial fa...  ·  [INFO] Por qué la validación de seguridad se está convirtiendo en una agencia...  ·  [INFO] La puerta trasera de DRILLAPP apunta a Ucrania y abusa de la depuración de Microsoft Edge para realizar espionaje sigiloso...  ·  [INFO] Android 17 bloquea las aplicaciones que no son de accesibilidad de la API de accesibilidad para evitar el abuso de malware...  ·  [INFO] CVE-2025-26399: Vulnerabilidad Crítica de Deserialización en SolarWinds Web Help Desk  ·