Lucene search
K

255 matches found

CVE
CVE
added 2020/11/03 2:21 a.m.1378 views

CVE-2020-16009

CVE-2020-16009 is a Google Chrome/Chromium V8 type-confusion vulnerability that could allow remote code execution via a crafted HTML page. Root cause: type confusion in V8 before 86.0.4240.183. Affected product family includes Google Chrome and other Chromium-based browsers; Debian security advis...

8.8CVSS8.6AI score0.48574EPSS
In wild
CVE
CVE
added 2022/11/25 12:0 a.m.1210 views

CVE-2022-4135

CVE-2022-4135 affects Google Chrome/Chromium GPU code. It is a heap buffer overflow in the GPU path prior to Chrome 107.0.5304.121 that could allow a remote attacker (with renderer access) to escape the sandbox via a crafted HTML page. Chrome confirms exploitation in the wild; a stable-channel pa...

9.6CVSS9.3AI score0.31864EPSS
In wild
CVE
CVE
added 2017/02/26 11:30 p.m.1066 views

CVE-2017-0037

CVE-2017-0037 affects Microsoft Internet Explorer 10/11 and Microsoft Edge via a type confusion in mshtml.dll (Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement), enabling remote code execution through crafted CSS/JS sequences. Connected sources note public exploitation acti...

8.1CVSS6.4AI score0.80386EPSS
In wild
CVE
CVE
added 2023/07/14 5:54 p.m.871 views

CVE-2023-36883

CVE-2023-36883 concerns a spoofing vulnerability in Microsoft Edge for iOS. The initial description identifies the issue as a spoofing vulnerability affecting Edge on iOS, but does not provide details on root cause, affected versions beyond the platform, or concrete exploitation methods. CVSS met...

4.3CVSS4.5AI score0.00571EPSS
CVE
CVE
added 2021/02/22 9:20 p.m.840 views

CVE-2021-21157

CVE-2021-21157 : Use-after-free in the Web Sockets component of Chromium/ Google Chrome on Linux prior to 88.0.4324.182. The underlying issue is a use-after-free that could allow a remote attacker to potentially execute arbitrary code via a crafted HTML page, with impact described as heap corrupt...

8.8CVSS9AI score0.09458EPSS
CVE
CVE
added 2022/12/13 12:0 a.m.736 views

CVE-2022-44708

CVE-2022-44708 is a Microsoft Edge (Chromium-based) Elevation of Privilege vulnerability. The initial document lists Edge Chromium-based Elevation of Privilege (CVE-2022-44708) with a CVSS v3.1 base score of 8.3 (High), attack vector Network, attack complexity High, privileges required None, user...

8.3CVSS8.2AI score0.01887EPSS
CVE
CVE
added 2025/09/16 6:13 p.m.621 views

CVE-2025-47967

CVE-2025-47967 affects Microsoft Edge (Chromium-based) for Android. The vulnerability arises from insufficient user interface warnings for dangerous operations, enabling an unauthorized attacker to perform a network spoofing attack. According to the CVE details, the impact is a partial integrity ...

4.7CVSS6.1AI score0.00341EPSS
CVE
CVE
added 2024/08/21 8:20 p.m.523 views

CVE-2024-7971

CVE-2024-7971 is a Type Confusion in Google Chrome’s V8 engine that allows remote heap corruption via a crafted HTML page. Affected software is Google Chrome (and Chromium-based browsers) prior to version 128.0.6613.84. The root cause is a V8 type confusion issue, enabling exploitation when proce...

9.6CVSS6.8AI score0.19272EPSS
In wild
CVE
CVE
added 2017/05/12 2:0 p.m.353 views

CVE-2017-0228

Connected documents describe a remote code execution vulnerability in the JavaScript engine/memory handling path used by Microsoft Edge and the ChakraCore engine (Scripting Engine Memory Corruption). The advisories identify exploitation via memory corruption in object handling, affecting Edge/Cha...

7.6CVSS7.8AI score0.16992EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.326 views

CVE-2017-0238

CVE-2017-0238 is linked to memory-corruption in the JavaScript engine used by Microsoft Edge/ChakraCore. The connected advisories describe a remote code execution path when handling in-memory objects, affecting Edge/ChakraCore. Mitigation guidance in the docs points to applying Security Updates t...

7.6CVSS7.6AI score0.31582EPSS
CVE
CVE
added 2024/03/14 10:13 p.m.277 views

CVE-2024-26246

CVE-2024-26246 affects Microsoft Edge (Chromium-based). The vulnerability is described as a Security Feature Bypass in Edge, with the affected component being Edge’s Chromium-based browser. The available data indicate a Low base severity (CVSS 3.1: 3.9), with confidentiality impact High and no in...

3.9CVSS4.4AI score0.00646EPSS
CVE
CVE
added 2024/03/07 8:21 p.m.271 views

CVE-2024-26167

CVE-2024-26167 corresponds to a Microsoft Edge for Android spoofing vulnerability. Affected product: Microsoft Edge for Android (Chromium-based). Vulnerable item: user interface (UI) spoofing vulnerability in Edge for Android. Root cause is described as spoofing in the Edge browser, enabling a re...

4.3CVSS5.3AI score0.00932EPSS
CVE
CVE
added 2024/06/20 8:6 p.m.265 views

CVE-2024-38082

CVE-2024-38082 affects Microsoft Edge (Chromium-based). The provided data describes a spoofing vulnerability in Edge with a CVSS v3.1 base score of 4.7 (Medium). Details show an external network vector requiring user interaction (AV:N, UI:R) and a changed scope (S:C) with no confidentiality impac...

4.7CVSS5AI score0.00493EPSS
CVE
CVE
added 2021/02/09 1:56 p.m.250 views

CVE-2021-21140

CVE-2021-21140 affects Chromium/Google Chrome USB stack: uninitialized memory use in the USB implementation could allow a local attacker to cause out-of-bounds access. The vulnerability is associated with Chrome/Chromium builds before 88.0.4324.96. In affected advisories, remediation is to upgrad...

6.8CVSS7AI score0.0076EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.243 views

CVE-2016-7202

CVE-2016-7202 refers to a memory corruption vulnerability in the Chakra JavaScript scripting engine used by Microsoft Edge/IE (the “Scripting Engine Memory Corruption Vulnerability”). The connected advisories describe RCE/DoS opportunities via crafted web content, with ChakraCore as the adversari...

7.6CVSS7.8AI score0.73289EPSS
In wild
CVE
CVE
added 2023/11/03 12:22 a.m.241 views

CVE-2023-36029

CVE-2023-36029 applies to Microsoft Edge (Chromium-based) and is described as a spoofing vulnerability. The vulnerability is labeled with a Network attack vector, low to moderate impact (Integrity impact: Low; Confidentiality/Availability: None) and requires user interaction for exploitation, wit...

4.3CVSS5.3AI score0.00955EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.239 views

CVE-2017-0224

CVE-2017-0224 describes a remote code execution in Microsoft Edge via the scripting engine memory corruption when handling objects in memory. Connected advisories (GHSA entries) confirm a Chakra/Edge scripting engine memory corruption vulnerability with similar implications, reinforcing that the ...

7.6CVSS7.3AI score0.11444EPSS
In wild
CVE
CVE
added 2024/06/20 8:6 p.m.236 views

CVE-2024-38093

CVE-2024-38093 is corroborated by multiple connected sources as a Microsoft Edge (Chromium-based) spoofing vulnerability. The OpenVAS entry describes Edge as prone to multiple spoofing vulnerabilities and explicitly lists CVE-2024-38093 among them, but does not provide affected version ranges or ...

4.3CVSS4.8AI score0.00493EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.225 views

CVE-2016-7242

Affected software: Chakra JavaScript engine (ChakraCore) used by Microsoft Edge. Vulnerability type/impact: memory corruption that can allow remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. Root cause/notes: described in the CVE as a memory-corruptio...

7.6CVSS7.8AI score0.1628EPSS
In wild
CVE
CVE
added 2016/11/10 6:16 a.m.223 views

CVE-2016-7243

CVE-2016-7243 concerns the Chakra JavaScript engine in Microsoft Edge (ChakraCore) and allows remote attackers to execute arbitrary code or cause memory corruption via a crafted web site. Connected advisories confirm this as a ChakraCore RCE vulnerability distinct from other CVEs in the same fami...

7.6CVSS7.8AI score0.15168EPSS
In wild
CVE
CVE
added 2016/11/10 6:16 a.m.220 views

CVE-2016-7240

CVE-2016-7240 refers to a ChakraCore/Microsoft Edge memory corruption vulnerability in the Chakra JavaScript engine that can lead to remote code execution or memory corruption via a crafted web site. The connected advisories (GHSA entries) describe it as a ChakraCore RCE vulnerability and disting...

7.6CVSS7.8AI score0.66469EPSS
In wild
CVE
CVE
added 2016/11/10 6:16 a.m.209 views

CVE-2016-7208

Technical details about CVE-2016-7208 are not publicly provided in the supplied Connected documents. The available sources describe a ChakraCore memory corruption issue affecting Microsoft Edge , but no product/version/patch specifics are included. Monitor for updates.

7.6CVSS7.8AI score0.15277EPSS
In wild
CVE
CVE
added 2021/02/09 1:56 p.m.209 views

CVE-2021-21141

CVE-2021-21141 affects Chromium-based browsers (Chrome/Chromium) up to version 88.0.4324.96, due to insufficient policy enforcement in the File System API. This allows a remote attacker to bypass the file-extension policy via a crafted HTML page. The issue is mitigated by upgrading to 88.0.4324.9...

6.5CVSS6.5AI score0.05439EPSS
CVE
CVE
added 2024/03/22 9:39 p.m.208 views

CVE-2024-26247

CVE-2024-26247 is a Microsoft Edge (Chromium-based) security feature bypass vulnerability. Affected component: Edge’s Chromium-based browser; root cause: bypass of security features as described in multiple sources. Impact: ensures bypass with a CVSSv3.1 base score of 4.7 (Network, no confidentia...

4.7CVSS4.9AI score0.0112EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.207 views

CVE-2016-7203

CVE-2016-7203 concerns the Chakra JavaScript engine in Microsoft Edge, described as a memory corruption vulnerability that could allow remote code execution or a denial of service via a crafted website. Public details in the initial entry note the issue as distinct from other CVEs in the same fam...

7.6CVSS7.8AI score0.64892EPSS
In wild
CVE
CVE
added 2017/05/12 2:0 p.m.207 views

CVE-2017-0231

Public technical details for CVE-2017-0231 are not provided in the connected documents. They only state a SmartScreen spoofing issue in Microsoft browsers; no affected products, versions, or remediation are specified. Monitor for updates.

4.3CVSS5.6AI score0.03673EPSS
CVE
CVE
added 2024/02/23 10:16 p.m.200 views

CVE-2024-26188

CVE-2024-26188 (Microsoft Edge, Chromium-based) — Spoofing vulnerability affecting Edge for desktop/mobile (Chromium-based). Affected component: browser UI spoofing vector, with underlying issue described as spoofing vulnerability in Edge’s Chromium-based engine. CVSS 3.1: Network attack, no priv...

4.3CVSS4.5AI score0.00826EPSS
CVE
CVE
added 2024/03/22 9:39 p.m.198 views

CVE-2024-29057

Microsoft Edge (Chromium-based) is affected by CVE-2024-29057, described as a spoofing vulnerability that can spoof user interface elements. The data indicates network-based access with low attack complexity and user interaction required, yielding a MEDIUM severity (CVSS 3.1: 4.3) and potential U...

4.3CVSS4.8AI score0.01002EPSS
CVE
CVE
added 2024/06/13 7:24 p.m.187 views

CVE-2024-30057

CVE-2024-30057 — Microsoft Edge for iOS Spoofing Vulnerability Affected software: Microsoft Edge for iOS (and Edge Chromium-based variants listed in related advisories). What’s vulnerable: An unspecified spoofing vulnerability in Edge for iOS that can be exploited to spoof the user interface. The...

5.4CVSS5.1AI score0.00406EPSS
CVE
CVE
added 2022/01/25 9:23 p.m.178 views

CVE-2022-23258

CVE-2022-23258: Microsoft Edge for Android spoofing vulnerability has concrete public details in connected documents. Affected product: Microsoft Edge for Android (Chromium-based). The issue is described as a UI spoofing vulnerability that could mislead users; underlying cause relates to spoofing...

4.3CVSS4.7AI score0.01576EPSS
CVE
CVE
added 2023/04/11 7:13 p.m.173 views

CVE-2023-28301

CVE-2023-28301 refers to a Tampering Vulnerability in Microsoft Edge (Chromium-based). The provided documents identify the affected product as Microsoft Edge for Chromium-based builds, with remediation noted as updating to version 112.0.1722.34 or later (per Nessus plugin data). The exact root ca...

3.7CVSS4.3AI score0.00873EPSS
CVE
CVE
added 2024/02/29 8:27 p.m.160 views

CVE-2024-26196

CVE-2024-26196 is a Chromium-based Microsoft Edge for Android information-disclosure vulnerability. The CVE entry describes an information disclosure flaw in Edge for Android; CVSSv3.1 base score 4.3 (Medium) with network attack vector, no privileges required, user interaction required, and impac...

4.3CVSS4.2AI score0.01243EPSS
CVE
CVE
added 2024/08/22 11:4 p.m.159 views

CVE-2024-38208

CVE-2024-38208 is linked to a spoofing vulnerability in Microsoft Edge for Android. Connected sources describe a remote spoofing risk that could mislead users by spoofing the browser UI. Affected product: Microsoft Edge for Android (Chromium-based). The core issue is described as a spoofing vulne...

6.1CVSS6.2AI score0.0039EPSS
CVE
CVE
added 2024/08/26 12:1 p.m.159 views

CVE-2024-41879

Adobe Acrobat Reader (versions 127.2651.105 and earlier) is affected by an out-of-bounds write vulnerability that can lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction (victim opens a malicious file); public exploits exist for this CVE. A ...

7.8CVSS7.8AI score0.00483EPSS
CVE
CVE
added 2023/04/11 7:12 p.m.155 views

CVE-2023-28284

CVE-2023-28284 concerns Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Affected product: Edge (Chromium-based). The available data describe the issue as a Security Feature Bypass, with a CVSSv3 base score of 4.3 (Medium) and an attack vector of Network, requiring user inte...

4.3CVSS4.8AI score0.00817EPSS
CVE
CVE
added 2024/07/25 9:33 p.m.144 views

CVE-2024-38103

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2024-38103) is documented in the CVE entry with a MEDIUM base score (CVSS 3.1) and edge network-based exposure. Connected documents corroborate that this CVE is part of a family of Edge vulnerabilities reported in 2024 (e.g...

5.9CVSS5.4AI score0.00453EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.137 views

CVE-2017-0236

The connected documentation confirms CVE-2017-0236 is a remote code execution vulnerability in Microsoft Edge’s Chakra JavaScript engine related to memory handling of objects, described as a Scripting Engine Memory Corruption vulnerability. The issue is triggered during rendering in memory, enabl...

7.6CVSS7.7AI score0.31582EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.136 views

CVE-2017-0234

CVE-2017-0234 corresponds to a remote code execution in the Chakra JavaScript engine used by Microsoft Edge, triggered by memory handling when rendering objects. Connected advisories confirm a ChakraCore/Edge scripting-engine memory corruption issue; exploitation would arise from the engine’s han...

7.6CVSS7.7AI score0.38115EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.132 views

CVE-2017-8750

CVE-2017-8750 is a memory corruption vulnerability in Microsoft Browsers (Internet Explorer and Edge) that allows remote code execution in the context of the current user when objects in memory are accessed improperly. Affected software includes Internet Explorer on Windows 7 SP1, Windows Server ...

7.6CVSS7.1AI score0.09202EPSS
CVE
CVE
added 2024/09/12 3:6 a.m.129 views

CVE-2024-38222

Technical details for CVE-2024-38222 are not publicly provided in the connected documents; sources only identify an information disclosure vulnerability in Microsoft Edge (Chromium-based). Monitor official Microsoft advisories for specifics and patch guidance.

6.5CVSS6.1AI score0.01122EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.124 views

CVE-2016-7190

CVE-2016-7190 affects the Chakra JavaScript engine in Microsoft Edge. A memory corruption vulnerability triggered by a crafted web site can lead to remote code execution or a denial of service. Public references tie this family to MS16-119. Mitigation available via patching Edge/Windows as descri...

7.6CVSS7.6AI score0.66919EPSS
CVE
CVE
added 2017/01/10 9:0 p.m.124 views

CVE-2017-0002

Microsoft Edge: CVE-2017-0002 is a Same Origin Policy bypass in Edge involving about:blank and data: URLs. A remote attacker could entice a user to a malicious page to bypass origin checks and disclose information across domains, effectively elevating access within affected Edge versions. Multipl...

8.8CVSS8.3AI score0.1489EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.124 views

CVE-2017-11843

CVE-2017-11843 affects ChakraCore and Microsoft Edge; described as a memory-corruption vulnerability in the scripting engine that lets an attacker gain the current user’s rights by manipulating in-memory objects. GHSA advisories indicate impact on Windows 10 (versions 1703 and 1709) and Windows S...

7.6CVSS7.5AI score0.08474EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.118 views

CVE-2017-11791

CVE-2017-11791 is described in the provided documents as an information-disclosure vulnerability affecting the scripting engine in ChakraCore/Internet Explorer. The vulnerability arises from how objects are handled in memory and is reported for Internet Explorer and ChakraCore components on Windo...

3.1CVSS4.7AI score0.05487EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.118 views

CVE-2017-8741

CVE-2017-8741 affects Internet Explorer/Edge rendering engines in Windows platforms; the vulnerability arises from how scripting engines render objects in memory, enabling an attacker to execute arbitrary code in the context of the current user. The Nessus-derived details describe a remote-code-e...

7.6CVSS7.2AI score0.11923EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.118 views

CVE-2018-0872

ChakraCore RCE vulnerability affecting ChakraCore and Windows components. The connected advisories describe a memory-correlation flaw in the Chakra scripting engine that enables remote code execution when handling objects in memory, impacting ChakraCore with Windows 10 versions (including 1703/17...

7.6CVSS7.2AI score0.15875EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.116 views

CVE-2017-0229

CVE-2017-0229 is linked to a remote code execution in Microsoft Edge via memory-corrup­tion flaws in the scripting engine (Edge/Chakra) when handling in-memory objects. The connected advisories describe a ChakraCore/Edge RCE vulnerability with memory-corruption in the JavaScript engine, including...

7.6CVSS7.7AI score0.10701EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.115 views

CVE-2017-11837

CVE-2017-11837 affects ChakraCore/Edge scripting engine memory handling. Root cause: memory corruption when manipulating JavaScript objects in memory, enabling an attacker to execute code with the current user’s privileges. Affected products include ChakraCore and Microsoft Edge on Windows 10 (17...

7.6CVSS7.5AI score0.08546EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.111 views

CVE-2018-0891

The vulnerability is a ChakraCore/information-disclosure issue in the scripting engine. Public details show that ChakraCore and related components in Microsoft Edge/IE could disclose memory-resident objects due to scripting engine memory handling, affecting ChakraCore-based runtimes and Edge/IE o...

4.3CVSS5.1AI score0.14736EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.110 views

CVE-2016-7194

CVE-2016-7194 concerns the Chakra JavaScript engine used by Microsoft Edge. The connected advisories indicate a remote code execution / memory corruption vulnerability in ChakraCore, exploitable via a crafted web site, and note that this family includes CVE-2016-3386, CVE-2016-3389, and CVE-2016-...

7.6CVSS7.6AI score0.57866EPSS
Total number of security vulnerabilities255