Edge Security Vulnerabilities and Issues — Edge CVE List

CVE•added 2021/03/11 4:15 p.m.•1192 views

CVE-2021-26411

Internet Explorer Memory Corruption Vulnerability

8.8CVSS8.2AI score0.88999EPSS

CVE•added 2022/11/25 1:15 a.m.•1149 views

CVE-2022-4135

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

9.6CVSS9.3AI score0.00099EPSS

CVE•added 2020/09/11 5:15 p.m.•1076 views

CVE-2020-0878

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerabili...

7.5CVSS7AI score0.21619EPSS

CVE•added 2016/11/10 6:59 a.m.•1047 views

CVE-2016-7200

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CV...

8.8CVSS7.8AI score0.89399EPSS

CVE•added 2016/11/10 6:59 a.m.•1040 views

CVE-2016-7201

8.8CVSS7.8AI score0.89399EPSS

CVE•added 2017/02/26 11:59 p.m.•1037 views

CVE-2017-0037

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets ...

8.1CVSS6.4AI score0.91698EPSS

CVE•added 2015/02/02 7:59 p.m.•1021 views

CVE-2015-0313

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnera...

10CVSS7.9AI score0.93166EPSS

CVE•added 2023/09/28 4:15 p.m.•928 views

CVE-2023-5217

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

8.8CVSS9.2AI score0.01363EPSS

CVE•added 2015/01/23 9:59 p.m.•890 views

CVE-2015-0311

Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.

10CVSS7.7AI score0.92745EPSS

CVE•added 2016/09/14 10:59 a.m.•879 views

CVE-2016-3351

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

6.5CVSS4.8AI score0.45632EPSS

CVE•added 2023/07/14 6:15 p.m.•854 views

CVE-2023-36883

Microsoft Edge for iOS Spoofing Vulnerability

4.3CVSS4.5AI score0.00204EPSS

CVE•added 2021/02/22 10:15 p.m.•817 views

CVE-2021-21157

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8CVSS9AI score0.01551EPSS

CVE•added 2022/12/13 7:15 p.m.•714 views

CVE-2022-44708

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

8.3CVSS8.2AI score0.0027EPSS

CVE•added 2017/06/15 1:29 a.m.•479 views

CVE-2017-8524

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the Java...

7.6CVSS6.2AI score0.13839EPSS

CVE•added 2024/08/21 9:15 p.m.•392 views

CVE-2024-7971

Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

9.6CVSS6.8AI score0.00632EPSS

CVE•added 2017/05/12 2:29 p.m.•335 views

CVE-2017-0228

A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-...

7.6CVSS7.8AI score0.55566EPSS

CVE•added 2021/09/03 8:15 p.m.•313 views

CVE-2021-30617

Chromium: CVE-2021-30617 Policy bypass in Blink

6.5CVSS7.2AI score0.00721EPSS

CVE•added 2017/05/12 2:29 p.m.•308 views

CVE-2017-0238

A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017...

7.6CVSS7.6AI score0.55566EPSS

CVE•added 2020/02/11 10:15 p.m.•298 views

CVE-2020-0713

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0767.

CVE•added 2017/06/15 1:29 a.m.•258 views

CVE-2017-8522

Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling...

7.6CVSS6.2AI score0.13839EPSS

CVE•added 2020/02/11 10:15 p.m.•257 views

CVE-2020-0711

CVE•added 2024/06/20 8:15 p.m.•252 views

CVE-2024-38082

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.7CVSS5AI score0.0025EPSS

CVE•added 2024/03/14 11:15 p.m.•250 views

CVE-2024-26246

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

3.9CVSS4.4AI score0.00293EPSS

CVE•added 2018/08/15 5:29 p.m.•248 views

CVE-2018-8390

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8...

CVE•added 2024/03/07 9:15 p.m.•248 views

CVE-2024-26167

Microsoft Edge for Android Spoofing Vulnerability

4.3CVSS5.3AI score0.00783EPSS

CVE•added 2020/02/11 10:15 p.m.•247 views

CVE-2020-0712

CVE•added 2021/09/03 8:15 p.m.•247 views

CVE-2021-30624

Chromium: CVE-2021-30624 Use after free in Autofill

8.8CVSS8.2AI score0.00373EPSS

CVE•added 2020/02/11 10:15 p.m.•246 views

CVE-2020-0710

CVE•added 2020/02/11 10:15 p.m.•242 views

CVE-2020-0767

CVE•added 2018/08/15 5:29 p.m.•241 views

CVE-2018-8372

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-8353, CVE-2018-835...

CVE•added 2019/11/12 7:15 p.m.•231 views

CVE-2019-1426

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1427, CVE-2019-1428, CVE-2019-1429.

7.6CVSS7.5AI score0.67064EPSS

CVE•added 2017/06/15 1:29 a.m.•229 views

CVE-2017-8529

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microso...

6.5CVSS6AI score0.22313EPSS

CVE•added 2018/08/15 5:29 p.m.•228 views

CVE-2018-8355

CVE•added 2018/08/15 5:29 p.m.•228 views

CVE-2018-8385

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID...

CVE•added 2021/02/09 2:15 p.m.•228 views

CVE-2021-21140

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.

6.8CVSS7AI score0.00171EPSS

CVE•added 2023/11/03 1:15 a.m.•226 views

CVE-2023-36029

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.3CVSS5.3AI score0.0012EPSS

CVE•added 2016/11/10 6:59 a.m.•225 views

CVE-2016-7202

The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," as demonstrated by the Chakra JavaSc...

CVE•added 2020/04/15 3:15 p.m.•221 views

CVE-2020-0970

7.6CVSS8AI score0.43238EPSS

CVE•added 2017/05/12 2:29 p.m.•217 views

CVE-2017-0224

A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017...

7.6CVSS7.3AI score0.55566EPSS

CVE•added 2024/06/20 8:15 p.m.•216 views

CVE-2024-38093

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.3CVSS4.8AI score0.00516EPSS

CVE•added 2018/07/11 12:29 a.m.•215 views

CVE-2018-8288

7.6CVSS6.7AI score0.89009EPSS

CVE•added 2019/04/09 9:29 p.m.•212 views

CVE-2019-0739

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0752, CVE-2019-0753, CVE-2019-0862.

7.6CVSS7.6AI score0.91963EPSS

CVE•added 2016/11/10 6:59 a.m.•210 views

CVE-2016-7243

CVE•added 2018/07/11 12:29 a.m.•208 views

CVE-2018-8291

7.6CVSS6.7AI score0.89009EPSS

CVE•added 2016/11/10 6:59 a.m.•206 views

CVE-2016-7240

CVE•added 2019/11/12 7:15 p.m.•204 views

CVE-2019-1427

7.6CVSS7.5AI score0.67064EPSS

CVE•added 2019/11/12 7:15 p.m.•204 views

CVE-2019-1428

7.6CVSS7.5AI score0.67064EPSS

CVE•added 2016/11/10 6:59 a.m.•202 views

CVE-2016-7242

CVE•added 2018/07/11 12:29 a.m.•199 views

CVE-2018-8287

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2...

7.6CVSS6.7AI score0.89009EPSS