Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has ever flagged as actively exploited. Filter by category, sort by severity or exploit-likelihood, search by vendor or product.
| Added | CVE | Vendor / Product | Name & description | CVSS | EPSS |
|---|---|---|---|---|---|
| Nov 3, 2021 | CVE-2020-6819 | Mozilla Firefox and Thunderbird |
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free…
|
— | 0.4% |
| Nov 3, 2021 | CVE-2020-6820 | Mozilla Firefox and Thunderbird |
Mozilla Firefox And Thunderbird Use-After-Free Vulnerability
Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnera…
|
— | 3.1% |
| Nov 3, 2021 | CVE-2021-1870 | Apple iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use…
|
— | 1.2% |
| Nov 3, 2021 | CVE-2021-1871 | Apple iOS, iPadOS, and macOS |
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use…
|
— | 0.5% |
| Nov 3, 2021 | CVE-2021-1879 | Apple iOS, iPadOS, and watchOS |
Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability
Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. Th…
|
— | 0.8% |
| Nov 3, 2021 | CVE-2021-21148 | Google Chromium V8 |
Google Chromium V8 Heap Buffer Overflow Vulnerability
Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerab…
|
— | 22.3% |
| Nov 3, 2021 | CVE-2021-21166 | Google Chromium |
Google Chromium Race Condition Vulnerability
Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affe…
|
— | 38.0% |
| Nov 3, 2021 | CVE-2021-21193 | Google Chromium Blink |
Google Chromium Blink Use-After-Free Vulnerability
Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability coul…
|
— | 13.8% |
| Nov 3, 2021 | CVE-2021-21206 | Google Chromium Blink |
Google Chromium Blink Use-After-Free Vulnerability
Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability coul…
|
— | 17.5% |
| Nov 3, 2021 | CVE-2021-21220 | Google Chromium V8 |
Google Chromium V8 Improper Input Validation Vulnerability
Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vu…
|
— | 91.2% |
| Nov 3, 2021 | CVE-2021-21224 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could …
|
— | 42.5% |
| Nov 3, 2021 | CVE-2021-30551 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
|
— | 82.2% |
| Nov 3, 2021 | CVE-2021-30554 | Google Chromium WebGL |
Google Chromium WebGL Use-After-Free Vulnerability
Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability coul…
|
— | 5.8% |
| Nov 3, 2021 | CVE-2021-30563 | Google Chromium V8 |
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
|
— | 2.6% |
| Nov 3, 2021 | CVE-2021-30632 | Google Chromium V8 |
Google Chromium V8 Out-of-Bounds Write Vulnerability
Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerab…
|
— | 83.8% |
| Nov 3, 2021 | CVE-2021-30633 | Google Chromium Indexed DB API |
Google Chromium Indexed DB API Use-After-Free Vulnerability
Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox es…
|
— | 30.1% |
| Nov 3, 2021 | CVE-2021-30661 | Apple Multiple Products |
Apple Multiple Products WebKit Storage Use-After-Free Vulnerability
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web cont…
|
— | 0.1% |
| Nov 3, 2021 | CVE-2021-30663 | Apple Multiple Products |
Apple Multiple Products WebKit Integer Overflow Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vuln…
|
— | 1.0% |
| Nov 3, 2021 | CVE-2021-30665 | Apple Multiple Products |
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vul…
|
— | 0.2% |
| Nov 3, 2021 | CVE-2021-30666 | Apple iOS |
Apple iOS WebKit Buffer Overflow Vulnerability
Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parser…
|
— | 1.2% |
| Nov 3, 2021 | CVE-2021-30761 | Apple iOS |
Apple iOS WebKit Memory Corruption Vulnerability
Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML pars…
|
— | 0.5% |
| Nov 3, 2021 | CVE-2021-30762 | Apple iOS |
Apple iOS WebKit Use-After-Free Vulnerability
Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers…
|
— | 0.0% |
| Nov 3, 2021 | CVE-2021-37973 | Google Chromium Portals |
Google Chromium Portals Use-After-Free Vulnerability
Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape vi…
|
— | 14.8% |
| Nov 3, 2021 | CVE-2021-37975 | Google Chromium V8 |
Google Chromium V8 Use-After-Free Vulnerability
Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability …
|
— | 63.0% |
| Nov 3, 2021 | CVE-2021-37976 | Google Chromium |
Google Chromium Information Disclosure Vulnerability
Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from pr…
|
— | 20.1% |
| Nov 3, 2021 | CVE-2021-38000 | Google Chromium Intents |
Google Chromium Intents Improper Input Validation Vulnerability
Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This v…
|
— | 4.2% |
| Nov 3, 2021 | CVE-2021-38003 | Google Chromium V8 |
Google Chromium V8 Memory Corruption Vulnerability
Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multipl…
|
— | 64.2% |
Source: CISA KEV catalog. Severity (CVSS) and exploit-probability (EPSS) sync nightly from NVD and FIRST.