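This list aggregates NVD, CVE, and several other threat feeds so that high-risk issues such as RCE can be tracked in depth. It combines CVSS and EPSS, and tracks exploitability from Exploit references and the availability of a PoC. Together with the context of vendor fixes and mitigations, it helps set priorities, keeping the response cycle short while protecting critical assets.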
Assigner (CNA/issuer): [email protected]
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2023-4863 KEV | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | 99.74% | 2023-09-12 | 2026-06-17 |
| CVE-2020-16040 | Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 | 99.59% | 2021-01-08 | 2026-06-16 |
| CVE-2011-3923 | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | 9.8 | 88.83% | 2019-11-01 | 2026-06-16 |
| CVE-2022-0306 | Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 85.35% | 2022-02-11 | 2026-06-17 |
| CVE-2018-17463 KEV | Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 | 83.90% | 2018-11-14 | 2026-06-16 |
| CVE-2016-5195 KEV | Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." | 7.0 | 83.52% | 2016-11-10 | 2026-06-16 |
| CVE-2020-6418 KEV | Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 78.81% | 2020-02-27 | 2026-06-16 |
| CVE-2019-13720 KEV | Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 72.98% | 2019-11-25 | 2026-06-16 |
| CVE-2022-2294 KEV | Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 70.46% | 2022-07-27 | 2026-06-17 |
| CVE-2021-21220 KEV | Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 70.44% | 2021-04-26 | 2026-06-16 |
| CVE-2021-30551 KEV | Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 64.70% | 2021-06-15 | 2026-06-16 |
| CVE-2021-30632 KEV | Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 64.55% | 2021-10-08 | 2026-06-16 |
| CVE-2023-3420 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | 62.11% | 2023-06-26 | 2026-06-17 |
| CVE-2019-5786 KEV | Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 6.5 | 61.54% | 2019-06-27 | 2026-06-16 |
| CVE-2018-6065 KEV | Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 58.82% | 2018-11-14 | 2026-06-16 |
| CVE-2021-21224 KEV | Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 | 57.74% | 2021-04-26 | 2026-06-16 |
| CVE-2019-5825 KEV | Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 | 55.93% | 2019-11-25 | 2026-06-16 |
| CVE-2020-15999 KEV | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.6 | 50.63% | 2020-11-02 | 2026-06-16 |
| CVE-2020-16009 KEV | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 48.57% | 2020-11-02 | 2026-06-16 |
| CVE-2016-1646 KEV | The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code. | 8.8 | 48.11% | 2016-03-29 | 2026-06-16 |