Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 18, 2026.

1,623 total bulletins 1,623 critical or high severity Source: CISA KEV + NVD
All 1,623 Critical 1,623 High 0 Medium 0 Low 0 1,623 entries
Critical CVE-2020-16010 Google · Chrome for Android UI Added Nov 3, 2021

Google Chrome for Android UI Heap Buffer Overflow Vulnerability

Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-15999 Google · Chrome FreeType Added Nov 3, 2021

Google Chrome FreeType Heap Buffer Overflow Vulnerability

Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-21166 Google · Chromium Added Nov 3, 2021

Google Chromium Race Condition Vulnerability

Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-16017 Google · Chrome Added Nov 3, 2021

Google Chrome Use-After-Free Vulnerability

Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-37976 Google · Chromium Added Nov 3, 2021

Google Chromium Information Disclosure Vulnerability

Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-16009 Google · Chromium V8 Added Nov 3, 2021

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30632 Google · Chromium V8 Added Nov 3, 2021

Google Chromium V8 Out-of-Bounds Write Vulnerability

Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-16013 Google · Chromium V8 Added Nov 3, 2021

Google Chromium V8 Incorrect Implementation Vulnerabililty

Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30633 Google · Chromium Indexed DB API Added Nov 3, 2021

Google Chromium Indexed DB API Use-After-Free Vulnerability

Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-21148 Google · Chromium V8 Added Nov 3, 2021

Google Chromium V8 Heap Buffer Overflow Vulnerability

Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-37973 Google · Chromium Portals Added Nov 3, 2021

Google Chromium Portals Use-After-Free Vulnerability

Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30551 Google · Chromium V8 Added Nov 3, 2021

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-37975 Google · Chromium V8 Added Nov 3, 2021

Google Chromium V8 Use-After-Free Vulnerability

Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-6418 Google · Chromium V8 Added Nov 3, 2021

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30554 Google · Chromium WebGL Added Nov 3, 2021

Google Chromium WebGL Use-After-Free Vulnerability

Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-21206 Google · Chromium Blink Added Nov 3, 2021

Google Chromium Blink Use-After-Free Vulnerability

Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-38000 Google · Chromium Intents Added Nov 3, 2021

Google Chromium Intents Improper Input Validation Vulnerability

Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-38003 Google · Chromium V8 Added Nov 3, 2021

Google Chromium V8 Memory Corruption Vulnerability

Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-21224 Google · Chromium V8 Added Nov 3, 2021

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-21193 Google · Chromium Blink Added Nov 3, 2021

Google Chromium Blink Use-After-Free Vulnerability

Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-21220 Google · Chromium V8 Added Nov 3, 2021

Google Chromium V8 Improper Input Validation Vulnerability

Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30563 Google · Chromium V8 Added Nov 3, 2021

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-4430 IBM · Data Risk Manager Added Nov 3, 2021

IBM Data Risk Manager Directory Traversal Vulnerability

IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-4427 IBM · Data Risk Manager Added Nov 3, 2021

IBM Data Risk Manager Security Bypass Vulnerability

IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-4428 IBM · Data Risk Manager Added Nov 3, 2021

IBM Data Risk Manager Remote Code Execution Vulnerability

IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system.�

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.