Lucene search
+L

255 matches found

CVE
CVE
added 2017/07/11 9:0 p.m.76 views

CVE-2017-8603

CVE-2017-8603: A use-after-free in Microsoft Edge’s AsmJsInterpreter during HTML/script processing allows remote code execution in the current user context. Credited source (CPAI-2017-0656) notes Edge memory handling object processing as the root cause. Attack requires a user to open a crafted pa...

7.6CVSS7.5AI score0.08891EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.76 views

CVE-2017-8674

Technical details for CVE-2017-8674 are not publicly available in the provided documents; no affected products, root cause, or fixes are specified here. Monitor for updates from security advisories and vendor advisories.

7.6CVSS7.8AI score0.0889EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.75 views

CVE-2017-11845

Summary (CVE-2017-11845) : Microsoft Edge in Windows 10 version 1703 is affected by a memory corruption vulnerability in how Edge handles objects in memory, enabling remote code execution in the context of the current user when a user visits a crafted webpage. The issue is a remote exploit vector...

7.6CVSS7.5AI score0.0793EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.75 views

CVE-2017-8504

Technical details for CVE-2017-8504 are not publicly available in the provided documents. Monitor official advisories for updates and remediation information.

4.3CVSS4.4AI score0.05253EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.75 views

CVE-2017-8598

Technical details for CVE-2017-8598 are not provided in the connected documents. Monitor for updates from CIRCL/CNVD/Nessus sources for affected products, impacts, and fixes.

7.6CVSS7.5AI score0.08891EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.75 views

CVE-2017-8609

CVE-2017-8609 affects Microsoft Internet Explorer on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016. The root cause is a memory-corruption vulnerability in the JavaScript engine’s handling of objects in memory, leading to remote code execution. Exploitation can occur when a user visi...

7.6CVSS7.5AI score0.08891EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.75 views

CVE-2017-8660

CVE-2017-8660 affects Microsoft Edge in Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016. Root cause: how the Microsoft Edge JavaScript engine renders objects in memory, leading to memory corruption. Impact: attacker can execute arbitrary code in the context of the current user. The...

9.3CVSS7.2AI score0.10144EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.75 views

CVE-2017-8753

CVE-2017-8753 : Microsoft Edge on Windows 10 (Gold/1511/1607/1703) and Windows Server 2016 is affected by a memory corruption issue in the Edge scripting engine when handling objects in memory, allowing an attacker to execute arbitrary code in the user’s context. Connected advisories corroborate ...

7.6CVSS7.1AI score0.08716EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.75 views

CVE-2018-0892

CVE-2018-0892 concerns Microsoft Edge information disclosure due to improper handling of objects in memory. The connected MS KB updates (KB4093107, KB4093112, KB4093119) document quality fixes for Internet Explorer/Microsoft Edge components, including SVG rendering issues and related memory acces...

4.3CVSS5.5AI score0.05382EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.74 views

CVE-2017-8734

CVE-2017-8734 affects Microsoft Edge in Windows 10/Server 2016, where memory handling of Edge objects enables arbitrary code execution in the current user context. The vulnerability stems from how Edge accesses in-memory objects, enabling remote code execution when a user loads a specially crafte...

7.6CVSS7.1AI score0.52537EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.74 views

CVE-2018-0932

CVE-2018-0932 affects Internet Explorer components in Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1/RT 8.1, Windows Server 2012/R2, and Internet Explorer/Edge on Windows 10, including IE in later builds (Gold, 1511, 1607, 1703, 1709) and Windows Server 2016. The vulnerability is an infor...

4.3CVSS5.1AI score0.0608EPSS
CVE
CVE
added 2017/07/14 6:0 p.m.72 views

CVE-2017-0152

CVE-2017-0152 is described across multiple sources as a remote code execution vulnerability in the Microsoft scripting engine, with memory corruption that could allow an attacker to execute arbitrary code under the current user. Veracode specifically attributes the issue to ChakraCore’s handling ...

9.3CVSS8AI score0.10809EPSS
CVE
CVE
added 2016/03/09 11:0 a.m.71 views

CVE-2016-0125

CVE-2016-0125 pertains to Microsoft Edge by mishandling the Referer policy, causing an information disclosure vulnerability that could expose a user’s request context or browsing history. Affected products include Microsoft Edge (and related IE components) with the root cause described as imprope...

3.1CVSS4.7AI score0.12181EPSS
CVE
CVE
added 2016/10/14 1:0 a.m.71 views

CVE-2016-3388

CVE-2016-3388 affects Microsoft Internet Explorer 10/11 and Microsoft Edge through improper restriction of access to private namespaces, enabling privilege escalation. The CIRCL/NVD entries in the connected data indicate an exploitation presence (exploit-db entry 40606), but the provided document...

5.3CVSS6.2AI score0.27587EPSS
CVE
CVE
added 2017/07/14 6:0 p.m.71 views

CVE-2017-0028

The connected data confirms CVE-2017-0028 affects the Microsoft scripting engine (ChakraCore) and is due to a use-after-free in Parse.cpp when asynchronous arrow functions are used, enabling remote code execution with the caller’s user rights. Impact is remote code execution in the context of the...

10CVSS9.3AI score0.18938EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.71 views

CVE-2017-8724

CVE-2017-8724 describes a spoofing vulnerability in Microsoft Edge on Windows 10 Version 1703, caused by the browser’s handling/parsing of HTTP content. An attacker could trick a user by redirecting to a specially crafted website. The CNVD entry confirms Edge spoofing in Edge on Windows 10 1703; ...

4.3CVSS4.4AI score0.0405EPSS
CVE
CVE
added 2016/07/13 1:0 a.m.70 views

CVE-2016-3248

CVE-2016-3248 covers a memory corruption vulnerability in Microsoft scripting engines (JScript 9, VBScript, Chakra) used by IE 9–11 and Edge. Exploitation via a crafted web site could allow remote code execution or memory corruption leading to DoS. Affected components: JScript/VBScript/Chakra wit...

9.3CVSS8.6AI score0.22955EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.70 views

CVE-2017-8726

Microsoft Edge on Windows 10 (versions Gold, 1511, 1607, 1703, 1709) and Windows Server 2016 is affected by several CVEs related to how Edge handles objects in memory. CVE-2017-8726 describes a memory-corruption vulnerability in Microsoft Edge’s scripting engines that can allow arbitrary code exe...

4.3CVSS5.1AI score0.0719EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.70 views

CVE-2018-0998

CVE-2018-0998 concerns an information disclosure in Microsoft Edge PDF Reader where objects in memory are improperly handled. The affected product is Microsoft Edge. The connected MSKB updates (KB4093107, KB4093112, KB4093119) describe quality/security fixes across Edge and related components, im...

4.3CVSS5.5AI score0.0562EPSS
CVE
CVE
added 2026/03/13 9:10 p.m.69 views

CVE-2026-26133

CVE-2026-26133 involves an AI command injection vulnerability in Microsoft 365 Copilot that can lead to unauthorized disclosure of information over a network. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N) indicates a network-accessible issue with no privileges required but user intera...

7.1CVSS5.8AI score0.00433EPSS
CVE
CVE
added 2016/12/20 5:54 a.m.68 views

CVE-2016-7181

CVE-2016-7181 is a memory corruption/remote code execution vulnerability in Microsoft Edge described as a vulnerability where a crafted website could trigger memory corruption to execute arbitrary code or cause a denial of service. The affected component is Microsoft Edge browser (Windows environ...

7.6CVSS7.8AI score0.13903EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.68 views

CVE-2017-8595

CVE-2017-8595 is a memory-corruption vulnerability in Microsoft Edge’s scripting engine on Windows 10/Server 2016, where improper handling of in-memory objects can lead to arbitrary code execution with the current user’s privileges. The connected sources indicate Edge’s JavaScript engine memory h...

7.6CVSS7.5AI score0.0837EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.68 views

CVE-2017-8643

CVE-2017-8643 affects Microsoft Edge in Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016, enabling information disclosure by leaving a malicious website open during clipboard activity due to Edge clipboard event handling. The Nessus plugin for KB4038781 documents this as part of the Se...

4.3CVSS4.9AI score0.05837EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.68 views

CVE-2017-8735

CVE-2017-8735 is a Windows Edge spoofing vulnerability affecting Microsoft Edge on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016, where Edge can be tricked into redirecting users to a specially crafted website due to how HTTP content is parsed. The connected sources corroborate this...

4.3CVSS5AI score0.03781EPSS
CVE
CVE
added 2016/03/09 11:0 a.m.67 views

CVE-2016-0130

CVE-2016-0130: Connected CNVD entries describe a memory corruption vulnerability in Microsoft Edge that could be triggered by a crafted web site, enabling remote code execution or memory corruption in the context of the current user. The NVD entry reiterates remote code execution/DoS potential vi...

7.6CVSS7.7AI score0.13354EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.67 views

CVE-2016-7209

CVE-2016-7209 is a Microsoft Edge spoofing vulnerability. Microsoft browsers could be tricked into displaying content from a crafted website by exploiting HTTP response parsing weaknesses. Exploitation requires user interaction (e.g., clicking a link) or visiting a malicious site, per MSRC detail...

5.3CVSS5.7AI score0.09335EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.67 views

CVE-2017-8659

CVE-2017-8659 affects Microsoft Edge and Microsoft Internet Explorer on Windows 10 version 1703, due to the Chakra scripting engine not properly handling objects in memory, enabling information disclosure. The vulnerability is documented as a Chakra information disclosure issue with the Edge/IE m...

4.3CVSS4.8AI score0.06002EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.67 views

CVE-2017-8723

CVE-2017-8723 affects Microsoft Edge in Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016.根 The vulnerability is a security feature bypass in Edge CSP where certain crafted documents bypass CSP validation, enabling a user to be tricked into loading malicious content. Connected data corr...

4.3CVSS5.1AI score0.04314EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.67 views

CVE-2017-8754

Technical details for CVE-2017-8754 are not publicly available in the provided documents. Connected sources do not specify affected products, root cause, impact, or fixes. Monitor for updates from authoritative advisories.

4.2CVSS5.1AI score0.03455EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.67 views

CVE-2017-8757

CVE-2017-8757 is a remote code execution vulnerability in Microsoft Edge on Windows 10/Server 2016 where memory handling of Edge objects allows an attacker to run arbitrary code in the context of the current user. The issue is tied to Edge’s memory handling in regards to objects, and is listed am...

7.6CVSS7.4AI score0.16419EPSS
CVE
CVE
added 2016/03/09 11:0 a.m.66 views

CVE-2016-0116

CVE-2016-0116 concerns a memory corruption vulnerability in Microsoft Edge exploitable via a crafted web site. The connected CNVD entries corroborate a remote memory corruption flaw in Edge that could allow arbitrary code execution in the context of the current user. The CNVD descriptions identif...

7.6CVSS7.7AI score0.10238EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.66 views

CVE-2017-8637

CVE-2017-8637 affects Microsoft Edge on Windows 10 version 1703, describing a security feature bypass of Arbitrary Code Guard (ACG) due to memory access in Edge’s JIT-compiled code. Connected sources detail that the Chakra/JIT server memory handling can process unvalidated loop headers, enabling ...

5.3CVSS6.5AI score0.05014EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.66 views

CVE-2017-8650

CVE-2017-8650 affects Microsoft Edge on Windows 10 version 1703 and is a security feature bypass caused by Edge failing to enforce same-origin policies. Attack vector involves cross-origin requests that can bypass SOP restrictions, potentially exposing information or bypassing security controls. ...

5.8CVSS6.6AI score0.0146EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.66 views

CVE-2017-8669

CVE-2017-8669 affects Microsoft browsers in supported Windows versions (Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10 1511/1607/1703, and Windows Server 2016) with memory handling weaknesses when rendering content. Root cause: objects i...

7.6CVSS8.1AI score0.08466EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.66 views

CVE-2017-8752

CVE-2017-8752 describes a memory corruption flaw in the Microsoft Edge scripting engine on Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016. The issue arises from how the engine handles objects in memory, allowing an attacker to execute arbitrary code in the context of the current u...

7.6CVSS7AI score0.08891EPSS
CVE
CVE
added 2016/03/09 11:0 a.m.65 views

CVE-2016-0129

Technical details (affected products, versions, root cause, and exploit specifics) are not provided in the supplied documents. Monitor for updates from CNVD/NVD sources.

7.6CVSS7.7AI score0.13354EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.65 views

CVE-2017-8661

CVE-2017-8661 is a remote-code-execution vulnerability in the Microsoft Edge scripting engine and related Windows scripting components. The issue arises from memory handling of objects in memory, allowing an attacker to run arbitrary code in the context of the current user if a user visits a spec...

7.6CVSS7.9AI score0.05737EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.64 views

CVE-2017-8599

CVE-2017-8599 - Microsoft Edge Security Feature Bypass is tied to Edge CSP validation failures in affected Windows 10 editions (Gold, 1511, 1607, 1703) and Windows Server 2016. The vulnerability describes an attacker tricking a user into loading a page with malicious content due to improper valid...

6.5CVSS6.2AI score0.05142EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.63 views

CVE-2017-8498

CVE-2017-8498 affects Microsoft Edge on Windows 10 1607/1703 and Windows Server 2016. When Edge runs JavaScript that uses XML DOM objects to detect installed browser extensions, an attacker can read data not intended to be disclosed. This CVE is separate from CVE-2017-8504. No exploitation, remed...

4.3CVSS4.4AI score0.0518EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.63 views

CVE-2017-8611

CVE-2017-8611 affects Microsoft Edge on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016. The vulnerability allows remote attackers to spoof web content via a crafted website. The NVD lists CVSS v3.0 base score 6.5 (I:H, A:N; UI:R). No remediation details are provided in the connected ...

6.5CVSS6.1AI score0.11495EPSS
CVE
CVE
added 2016/03/09 11:0 a.m.62 views

CVE-2016-0105

Summary of CVE-2016-0105 details (IE/Edge): A memory corruption vulnerability in Microsoft Internet Explorer 9–11 and Microsoft Edge that can be triggered by a crafted web site, potentially allowing remote code execution or a denial of service. Connected CNVD entries corroborate the surface: affe...

7.6CVSS7.6AI score0.14108EPSS
CVE
CVE
added 2016/07/13 1:0 a.m.62 views

CVE-2016-3246

CVE-2016-3246 is a memory‑corruption vulnerability in Microsoft Edge (and related Microsoft browsers) that enables remote code execution via a crafted web site. The root cause is improper handling of objects in memory, leading to memory corruption and arbitrary code execution in the context of th...

7.6CVSS7.9AI score0.14121EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.62 views

CVE-2016-7204

CVE-2016-7204 affects Microsoft Edge and is described as an information-disclosure vulnerability where Edge improperly handles memory objects. The vulnerability could allow a remote attacker to access a user’s My Documents folder via a crafted web site. Exploitation requirements include persuadin...

3.1CVSS5AI score0.11441EPSS
CVE
CVE
added 2016/07/13 1:0 a.m.61 views

CVE-2016-3244

CVE-2016-3244 affects Microsoft Edge and is a security feature bypass where ASLR protections could be bypassed via a crafted web page. The underlying issue is that Edge does not properly implement ASLR, enabling a remote attacker to bypass address space layout randomization. The record confirms E...

4.3CVSS5.8AI score0.18752EPSS
CVE
CVE
added 2016/03/09 11:0 a.m.60 views

CVE-2016-0110

CVE-2016-0110 affects Microsoft Internet Explorer 10–11 and Microsoft Edge. Root cause: memory corruption due to improper memory handling (e.g., mismatched array copy/object access) when processing crafted web content, leading to remote code execution or memory corruption. Impact: remote attacker...

7.6CVSS7.7AI score0.14108EPSS
CVE
CVE
added 2016/03/09 11:0 a.m.60 views

CVE-2016-0123

Microsoft Edge memory corruption vulnerability exists; appears in CNVD reports describing a remote attacker executing arbitrary code via a crafted web site due to improper memory access. Edge is the affected software; impact is remote code execution in the context of the current user. The provide...

7.6CVSS7.7AI score0.16644EPSS
CVE
CVE
added 2016/03/09 11:0 a.m.60 views

CVE-2016-0124

Microsoft Edge contains a memory corruption vulnerability that can be exploited by a crafted web site to execute arbitrary code or cause a denial of service. The CNVD entries describe a remote attacker able to run code in the context of the current user due to improper memory handling in Edge, al...

7.6CVSS7.7AI score0.13354EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.58 views

CVE-2017-8617

CVE-2017-8617 is a remote code execution vulnerability in Microsoft Edge on Windows 10 (1703) where memory objects are mishandled by scripting engines. Underlying cause: improper handling of objects in memory in Edge’s scripting engine, allowing an attacker to execute arbitrary code in the contex...

7.6CVSS7.3AI score0.10999EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.56 views

CVE-2017-8503

CVE-2017-8503 affects Microsoft Edge on Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016, where an attacker can escape the AppContainer sandbox, enabling elevation of privilege. The description in the connected documents reiterates this Edge sandbox escape vulnerability and distingu...

8.8CVSS7AI score0.0117EPSS
CVE
CVE
added 2017/07/14 6:0 p.m.53 views

CVE-2017-0196

Summary: CVE-2017-0196 concerns the Microsoft scripting engine (ChakraCore) exposing information through a heap over-read in the IsMissingItem function when processing crafted web content, enabling a remote attacker to read confidential memory. Affected component: Microsoft ChakraCore JavaScript ...

6.5CVSS5.9AI score0.18152EPSS
Total number of security vulnerabilities255