Vulnérabilités activement exploitées (KEV CISA)
27 entrées
| CVE | Sévérité | KEV | Publié | Description |
|---|---|---|---|---|
| CVE-2025-10585 | CRITICAL 9.8 | KEV | Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromi… | |
| CVE-2024-9680 | CRITICAL 9.8 | KEV | An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulner… | |
| CVE-2024-7971 | CRITICAL 9.6 | KEV | Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security s… | |
| CVE-2024-5274 | CRITICAL 9.6 | KEV | Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Ch… | |
| CVE-2024-4947 | CRITICAL 9.6 | KEV | Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chr… | |
| CVE-2024-4671 | CRITICAL 9.6 | KEV | Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a … | |
| CVE-2023-6345 | CRITICAL 9.6 | KEV | Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a s… | |
| CVE-2023-2136 | CRITICAL 9.6 | KEV | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a s… | |
| CVE-2023-23397 | CRITICAL 9.8 | KEV | Microsoft Outlook Elevation of Privilege Vulnerability | |
| CVE-2022-26486 | CRITICAL 9.6 | KEV | An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abu… | |
| CVE-2022-4135 | CRITICAL 9.6 | KEV | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform … | |
| CVE-2022-3075 | CRITICAL 9.6 | KEV | Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially… | |
| CVE-2021-37973 | CRITICAL 9.6 | KEV | Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sa… | |
| CVE-2021-30633 | CRITICAL 9.6 | KEV | Use after free in Indexed DB API in Google Chrome prior to 93.0.4577.82 allowed a remote attacker who had compromised the renderer process to potentially perfo… | |
| CVE-2020-16017 | CRITICAL 9.6 | KEV | Use after free in site isolation in Google Chrome prior to 86.0.4240.198 allowed a remote attacker who had compromised the renderer process to potentially perf… | |
| CVE-2020-16010 | CRITICAL 9.6 | KEV | Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially… | |
| CVE-2020-15999 | CRITICAL 9.6 | KEV | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML pa… | |
| CVE-2019-11708 | CRITICAL 10.0 | KEV | Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process op… | |
| CVE-2019-3568 | CRITICAL 9.8 | KEV | A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number… | |
| CVE-2015-0313 | CRITICAL 9.8 | KEV | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Lin… | |
| CVE-2015-0311 | CRITICAL 9.8 | KEV | Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on … | |
| CVE-2014-0546 | CRITICAL 9.8 | KEV | Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 on Windows allow attackers to bypass a sandbox protection mechanism, and consequently exec… | |
| CVE-2014-0497 | CRITICAL 9.8 | KEV | Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before 11.2.202.336 on Linu… | |
| CVE-2013-3346 | CRITICAL 9.8 | KEV | Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (… | |
| CVE-2013-2729 | CRITICAL 9.8 | KEV | Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspe… | |
| CVE-2011-2462 | CRITICAL 9.8 | KEV | Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UN… | |
| CVE-2010-3765 | CRITICAL 9.8 | KEV | Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when Ja… |