Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2023-4863 KEV | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | 99.74% | 2023-09-12 | 2026-06-17 |
| CVE-2020-16040 | Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 | 99.59% | 2021-01-08 | 2026-06-16 |
| CVE-2011-3923 | Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | 9.8 | 88.83% | 2019-11-01 | 2026-06-16 |
| CVE-2022-0306 | Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 85.35% | 2022-02-11 | 2026-06-17 |
| CVE-2018-17463 KEV | Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 | 83.90% | 2018-11-14 | 2026-06-16 |
| CVE-2016-5195 KEV | Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." | 7.0 | 83.52% | 2016-11-10 | 2026-06-16 |
| CVE-2020-6418 KEV | Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 78.81% | 2020-02-27 | 2026-06-16 |
| CVE-2019-13720 KEV | Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 72.98% | 2019-11-25 | 2026-06-16 |
| CVE-2022-2294 KEV | Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 70.46% | 2022-07-27 | 2026-06-17 |
| CVE-2021-21220 KEV | Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 70.44% | 2021-04-26 | 2026-06-16 |
| CVE-2021-30551 KEV | Type confusion in V8 in Google Chrome prior to 91.0.4472.101 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 64.70% | 2021-06-15 | 2026-06-16 |
| CVE-2021-30632 KEV | Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 64.55% | 2021-10-08 | 2026-06-16 |
| CVE-2023-3420 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | 62.11% | 2023-06-26 | 2026-06-17 |
| CVE-2019-5786 KEV | Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 6.5 | 61.54% | 2019-06-27 | 2026-06-16 |
| CVE-2018-6065 KEV | Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 58.82% | 2018-11-14 | 2026-06-16 |
| CVE-2021-21224 KEV | Type confusion in V8 in Google Chrome prior to 90.0.4430.85 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | 8.8 | 57.74% | 2021-04-26 | 2026-06-16 |
| CVE-2019-5825 KEV | Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 | 55.93% | 2019-11-25 | 2026-06-16 |
| CVE-2020-15999 KEV | Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.6 | 50.63% | 2020-11-02 | 2026-06-16 |
| CVE-2020-16009 KEV | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | 48.57% | 2020-11-02 | 2026-06-16 |
| CVE-2016-1646 KEV | The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via crafted JavaScript code. | 8.8 | 48.11% | 2016-03-29 | 2026-06-16 |