Catalogue des CVE mobiles
154 entrées · sur 154 CVE, 137 sont activement exploitées (KEV CISA)
| CVE | Sévérité | KEV | Publié | Description |
|---|---|---|---|---|
| CVE-2026-5281 | HIGH 8.8 | KEV | Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code vi… | |
| CVE-2026-3909 | HIGH 8.8 | KEV | Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (… | |
| CVE-2026-3910 | HIGH 8.8 | KEV | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted H… | |
| CVE-2026-2441 | HIGH 8.8 | KEV | Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch… | |
| CVE-2025-14174 | HIGH 8.8 | KEV | Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a cra… | |
| CVE-2025-13223 | HIGH 8.8 | KEV | Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromi… | |
| CVE-2025-10585 | CRITICAL 9.8 | KEV | Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromi… | |
| CVE-2025-55177 | MEDIUM 5.4 | KEV | Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsAp… | |
| CVE-2025-6558 | HIGH 8.8 | KEV | Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox… | |
| CVE-2025-6554 | HIGH 8.1 | KEV | Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium secur… | |
| CVE-2025-5419 | HIGH 8.8 | KEV | Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML … | |
| CVE-2025-2783 | HIGH 8.3 | KEV | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandb… | |
| CVE-2024-9680 | CRITICAL 9.8 | KEV | An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulner… | |
| CVE-2024-7971 | CRITICAL 9.6 | KEV | Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security s… | |
| CVE-2024-7965 | HIGH 8.8 | KEV | Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML … | |
| CVE-2024-39891 | MEDIUM 5.3 | KEV | In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-numb… | |
| CVE-2024-5274 | CRITICAL 9.6 | KEV | Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch… | |
| CVE-2024-4947 | CRITICAL 9.6 | KEV | Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chr… | |
| CVE-2024-4761 | HIGH 8.8 | KEV | Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. … | |
| CVE-2024-4671 | CRITICAL 9.6 | KEV | Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a … | |
| CVE-2024-0519 | HIGH 8.8 | KEV | Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML … | |
| CVE-2023-7024 | HIGH 8.8 | KEV | Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pag… | |
| CVE-2023-6345 | CRITICAL 9.6 | KEV | Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a s… | |
| CVE-2023-5217 | HIGH 8.8 | KEV | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap… | |
| CVE-2023-26369 | HIGH 7.8 | KEV | Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerabil… | |
| CVE-2023-36761 | MEDIUM 6.5 | KEV | Microsoft Word Information Disclosure Vulnerability | |
| CVE-2023-4863 | HIGH 8.8 | KEV | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write v… | |
| CVE-2023-4762 | HIGH 8.8 | KEV | Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security s… | |
| CVE-2023-35311 | HIGH 8.8 | KEV | Microsoft Outlook Security Feature Bypass Vulnerability | |
| CVE-2023-3079 | HIGH 8.8 | KEV | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromi… | |
| CVE-2023-2136 | CRITICAL 9.6 | KEV | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a s… | |
| CVE-2023-2033 | HIGH 8.8 | KEV | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromi… | |
| CVE-2023-23397 | CRITICAL 9.8 | KEV | Microsoft Outlook Elevation of Privilege Vulnerability | |
| CVE-2023-21608 | HIGH 7.8 | KEV | Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerabil… | |
| CVE-2022-26485 | HIGH 8.8 | KEV | Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw. Th… | |
| CVE-2022-26486 | CRITICAL 9.6 | KEV | An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abu… | |
| CVE-2022-4262 | HIGH 8.8 | KEV | Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromiu… | |
| CVE-2022-4135 | CRITICAL 9.6 | KEV | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform … | |
| CVE-2022-3723 | HIGH 8.8 | KEV | Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromiu… | |
| CVE-2022-3075 | CRITICAL 9.6 | KEV | Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially… | |
| CVE-2022-2856 | MEDIUM 6.5 | KEV | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a … | |
| CVE-2022-3038 | HIGH 8.8 | KEV | Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p… | |
| CVE-2022-2294 | HIGH 8.8 | KEV | Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pag… | |
| CVE-2022-1364 | HIGH 8.8 | KEV | Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2022-1096 | HIGH 8.8 | KEV | Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2022-0609 | HIGH 8.8 | KEV | Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-4102 | HIGH 8.8 | KEV | Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2021-38003 | HIGH 8.8 | KEV | Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML p… | |
| CVE-2021-38000 | MEDIUM 6.1 | KEV | Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a m… | |
| CVE-2021-42292 | HIGH 7.8 | KEV | Microsoft Excel Security Feature Bypass Vulnerability |