Known Exploited Vulnerabilities

Focus on What Matters

There are 297,588 vulnerabilities in the CVE database.
Whilst only 0.6% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2020-16017	Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-37976	Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2020-16009	Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30632	Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2020-16013	Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30633	Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21148	Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-37973	Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30551	Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-37975	Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2020-6418	Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30554	Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21206	Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-38000	Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-38003	Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21224	Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21193	Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21220	Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2019-16256	Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location...	Samsung	SIMalliance Toolbox Browser	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30563	Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2020-4430	IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to traverse directories on the system. An attacker...	IBM	Data Risk Manager	2021-11-03 00:00:00 UTC	CISA
CVE-2020-4427	IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured...	IBM	Data Risk Manager	2021-11-03 00:00:00 UTC	CISA
CVE-2020-4428	IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a remote authenticated attacker to execute arbitrary commands on the system. IBM...	IBM	Data Risk Manager	2021-11-03 00:00:00 UTC	CISA
CVE-2019-4716	IBM Planning Analytics 2.0.0 through 2.0.8 is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and...	IBM	Planning Analytics	2021-11-03 00:00:00 UTC	CISA
CVE-2016-3715	The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.	ImageMagick	ImageMagick	2021-11-03 00:00:00 UTC	CISA

Displaying vulnerabilities 1551 - 1575 of 1851 in total