Edge@* Security Vulnerabilities and Issues — Page 4 of Edge@* CVE List

A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-201...

7.6CVSS7.7AI score0.55566EPSS

CVE•added 2022/12/13 7:15 p.m.•105 views

CVE-2022-44688

Microsoft Edge (Chromium-based) Spoofing Vulnerability

4.3CVSS5.3AI score0.00097EPSS

CVE•added 2024/04/18 7:15 p.m.•105 views

CVE-2024-29986

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

5.4CVSS5.1AI score0.00122EPSS

CVE•added 2024/10/17 11:15 p.m.•104 views

CVE-2024-43587

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

8.1CVSS6.5AI score0.02383EPSS

CVE•added 2025/01/17 8:15 p.m.•104 views

CVE-2025-21185

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

6.5CVSS6.9AI score0.0015EPSS

CVE•added 2025/03/07 7:15 p.m.•104 views

CVE-2025-26643

The UI performs the wrong action in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

5.4CVSS5.2AI score0.00106EPSS

CVE•added 2022/06/15 10:15 p.m.•102 views

CVE-2022-22021

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

8.3CVSS8.3AI score0.00536EPSS

CVE•added 2016/10/14 2:59 a.m.•101 views

CVE-2016-7190

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016...

7.6CVSS7.6AI score0.79242EPSS

CVE•added 2022/06/01 8:15 p.m.•99 views

CVE-2022-30127

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

8.3CVSS8.1AI score0.00622EPSS

CVE•added 2017/11/15 3:29 a.m.•98 views

CVE-2017-11791

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allo...

3.1CVSS4.7AI score0.17734EPSS

CVE•added 2022/02/07 5:15 p.m.•98 views

CVE-2022-23261

Microsoft Edge (Chromium-based) Tampering Vulnerability

5.3CVSS5.4AI score0.01113EPSS

CVE•added 2017/09/13 1:29 a.m.•95 views

CVE-2017-8741

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the con...

7.6CVSS7.2AI score0.76981EPSS

CVE•added 2022/10/11 7:15 p.m.•95 views

CVE-2022-41035

Microsoft Edge (Chromium-based) Spoofing Vulnerability

5.3CVSS6.8AI score0.00216EPSS

CVE•added 2017/03/17 12:59 a.m.•94 views

CVE-2017-0068

Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017, and CVE-2017-...

4.3CVSS4.2AI score0.28148EPSS

CVE•added 2017/05/12 2:29 p.m.•93 views

CVE-2017-0229

A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017...

7.6CVSS7.7AI score0.55566EPSS

CVE•added 2022/02/07 5:15 p.m.•93 views

CVE-2022-23263

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

7.7CVSS6.7AI score0.00938EPSS

CVE•added 2024/08/23 11:15 p.m.•93 views

CVE-2024-38207

Microsoft Edge (HTML-based) Memory Corruption Vulnerability

6.3CVSS6.2AI score0.00254EPSS

CVE•added 2025/05/02 2:15 a.m.•93 views

CVE-2025-29825

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS6.2AI score0.00099EPSS

CVE•added 2024/08/12 1:38 p.m.•92 views

CVE-2024-38219

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

9CVSS6.9AI score0.00372EPSS

CVE•added 2024/10/17 11:15 p.m.•92 views

CVE-2024-43566

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

9.8CVSS8.1AI score0.07186EPSS

CVE•added 2024/11/14 8:15 p.m.•92 views

CVE-2024-49025

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

5.4CVSS5.1AI score0.0019EPSS

CVE•added 2025/04/04 1:15 a.m.•92 views

CVE-2025-29815

Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.

7.6CVSS7.8AI score0.0008EPSS

CVE•added 2018/03/14 5:29 p.m.•89 views

CVE-2018-0872

ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2...

7.6CVSS7.2AI score0.85621EPSS

CVE•added 2017/03/17 12:59 a.m.•88 views

CVE-2017-0023

The PDF library in Microsoft Edge; Windows 8.1; Windows Server 2012 and R2; Windows RT 8.1; and Windows 10, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."

7.6CVSS7.8AI score0.27879EPSS

CVE•added 2017/05/12 2:29 p.m.•88 views

CVE-2017-0235

7.6CVSS7.7AI score0.55566EPSS

CVE•added 2017/11/15 3:29 a.m.•88 views

CVE-2017-11846

ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows a...

7.5CVSS7.5AI score

CVE•added 2017/08/10 6:29 p.m.•88 views

CVE-2017-8518

Microsoft Edge allows a remote code execution vulnerability due to the way it accesses objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".

7.6CVSS6AI score0.2401EPSS

CVE•added 2021/09/02 11:15 p.m.•87 views

CVE-2021-26436

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

8.1CVSS6.7AI score0.01112EPSS

CVE•added 2017/08/08 9:29 p.m.•86 views

CVE-2017-8645

Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vul...

7.6CVSS7.8AI score0.81883EPSS

CVE•added 2024/08/22 11:15 p.m.•86 views

CVE-2024-38209

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.01089EPSS

CVE•added 2025/02/15 12:15 a.m.•86 views

CVE-2025-21401

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

4.5CVSS6.8AI score0.00083EPSS

CVE•added 2016/10/14 2:59 a.m.•85 views

CVE-2016-7194

7.6CVSS7.6AI score0.79242EPSS

CVE•added 2023/07/14 6:15 p.m.•85 views

CVE-2023-36888

Microsoft Edge for Android (Chromium-based) Tampering Vulnerability

6.3CVSS6.3AI score0.00163EPSS

CVE•added 2024/10/17 11:15 p.m.•85 views

CVE-2024-43596

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

8.8CVSS7AI score0.00723EPSS

CVE•added 2025/02/06 11:15 p.m.•85 views

CVE-2025-21408

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

8.8CVSS8.9AI score0.00246EPSS

CVE•added 2017/11/15 3:29 a.m.•84 views

CVE-2017-11840

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vuln...

7.6CVSS7.5AI score

CVE•added 2025/04/04 1:15 a.m.•84 views

CVE-2025-25001

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

4.3CVSS6.9AI score0.0007EPSS

CVE•added 2017/03/17 12:59 a.m.•83 views

CVE-2017-0011

Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.

4.3CVSS4.1AI score0.28148EPSS

CVE•added 2017/11/15 3:29 a.m.•83 views

CVE-2017-11858

7.6CVSS7.6AI score

CVE•added 2023/07/01 12:15 a.m.•83 views

CVE-2021-31982

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

8.8CVSS8.6AI score0.03313EPSS

CVE•added 2022/01/11 9:15 p.m.•83 views

CVE-2022-21954

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

6.1CVSS6.3AI score0.00815EPSS

CVE•added 2016/08/09 9:59 p.m.•82 views

CVE-2016-3319

The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability."

9.3CVSS7.3AI score0.37191EPSS

CVE•added 2016/11/10 6:59 a.m.•82 views

CVE-2016-7195

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7198.

7.6CVSS7.8AI score0.30629EPSS

CVE•added 2017/03/17 12:59 a.m.•82 views

CVE-2017-0012

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069.

4.3CVSS4.3AI score0.10334EPSS

Total number of security vulnerabilities420