Known Exploited Vulnerabilities

Focus on What Matters

There are 303,256 vulnerabilities in the CVE database.
Whilst only 0.7% are ever actively exploited.

This list contains the vulnerabilities that are actively exploited by malware and threat actors that you should prioritize first.

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 60 public sources, including CISA, and our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, tags, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2021-30563	Type Confusion in V8 in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21220	Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21193	Use after free in Blink in Google Chrome prior to 89.0.4389.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21224	Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2020-29583	Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2021-38000	Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21206	Use after free in Blink in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30554	Use after free in WebGL in Google Chrome prior to 91.0.4472.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2020-6418	Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-37975	Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30551	Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-37973	Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21148	Heap buffer overflow in V8 in Google Chrome prior to 88.0.4324.150 allowed a remote attacker to potentially exploit heap corruption via a crafted...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30633	Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2020-16013	Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-30632	Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2020-16009	Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-37976	Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2020-16017	Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2021-21166	Data race in audio in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2020-15999	Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2020-16010	Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to...	Google	Chrome	2021-11-03 00:00:00 UTC	CISA
CVE-2018-13379	An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to...	Fortinet	Fortinet FortiOS, FortiProxy	2021-11-03 00:00:00 UTC	CISA
CVE-2020-12812	An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in...	n/a	Fortinet FortiOS	2021-11-03 00:00:00 UTC	CISA
CVE-2019-5591	A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by...	Fortinet	Fortinet FortiOS	2021-11-03 00:00:00 UTC	CISA

Displaying vulnerabilities 1601 - 1625 of 1997 in total