Skip to main content

Edge

752 CVEs product

Monthly

CVE-2025-62224 MEDIUM This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network. [CVSS 5.5 MEDIUM]

Microsoft Android Edge
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-47967 MEDIUM Monitor

Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Edge Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2025-49755 MEDIUM Monitor

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Edge Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49736 MEDIUM Monitor

The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Edge Android
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-29796 MEDIUM Monitor

User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Apple Edge iOS
NVD
CVSS 3.1
4.7
EPSS
1.6%
CVE-2025-25001 MEDIUM This Month

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google XSS Edge Chrome
NVD
CVSS 3.1
4.3
EPSS
1.7%
CVE-2025-21253 MEDIUM This Month

Microsoft Edge for IOS and Android Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure Apple Edge +2
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-38222 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2024-41879 HIGH PATCH This Week

Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe RCE Memory Corruption Acrobat Reader +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2024-38208 MEDIUM PATCH This Month

Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Google Microsoft Edge
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-38103 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2024-38156 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Google Microsoft Edge
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-38093 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-38082 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
4.7
EPSS
0.5%
CVE-2024-30057 MEDIUM PATCH This Month

Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Information Disclosure Microsoft Edge
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-29057 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2024-26247 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Google Microsoft Edge
NVD
CVSS 3.1
4.7
EPSS
1.1%
CVE-2024-26196 MEDIUM PATCH This Month

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2024-26246 LOW PATCH Monitor

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity.

Authentication Bypass Google Microsoft Edge
NVD
CVSS 3.1
3.9
EPSS
0.6%
CVE-2024-26167 MEDIUM PATCH This Month

Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2024-26188 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-34982 HIGH This Week

This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Batch Management Communication Drivers Edge Enterprise Licensing +9
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-33873 HIGH This Week

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Batch Management Communication Drivers Edge Enterprise Licensing +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-36029 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-5217 npm HIGH POC KEV PATCH THREAT This Week

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Google Libvpx Edge +9
NVD GitHub
CVSS 3.1
8.8
EPSS
49.0%
CVE-2023-36883 MEDIUM PATCH This Month

Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Apple Authentication Bypass Edge
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-28301 LOW PATCH Monitor

Microsoft Edge (Chromium-based) Tampering Vulnerability. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
3.7
EPSS
0.9%
CVE-2023-28284 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-44708 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Google Edge Edge Chromium
NVD
CVSS 3.1
8.3
EPSS
1.9%
CVE-2022-4135 npm CRITICAL POC KEV PATCH THREAT Act Now

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Buffer Overflow Chrome Edge +1
NVD
CVSS 3.1
9.6
EPSS
31.9%
CVE-2021-41351 MEDIUM PATCH This Month

Microsoft Edge (Chrome based) Spoofing on IE Mode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Edge
NVD
CVSS 3.1
4.3
EPSS
3.6%
CVE-2021-23443 npm MEDIUM POC PATCH This Month

This affects the package edge.js before 5.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Edge
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-38669 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Tampering Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Google Microsoft Information Disclosure Edge Edge Chromium
NVD
CVSS 3.1
6.4
EPSS
2.6%
CVE-2021-30624 HIGH PATCH This Week

Chromium: CVE-2021-30624 Use after free in Autofill. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30623 HIGH PATCH This Week

Chromium: CVE-2021-30623 Use after free in Bookmarks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.0%
CVE-2021-30622 HIGH PATCH This Week

Chromium: CVE-2021-30622 Use after free in WebApp Installs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30621 MEDIUM PATCH This Month

Chromium: CVE-2021-30621 UI Spoofing in Autofill. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Fedora Edge Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
3.5%
CVE-2021-30620 HIGH PATCH This Week

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Fedora Edge Edge Chromium
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30619 MEDIUM PATCH This Month

Chromium: CVE-2021-30619 UI Spoofing in Autofill. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Fedora Edge Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
3.5%
CVE-2021-30618 HIGH PATCH This Week

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Fedora Edge Edge Chromium
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30617 MEDIUM PATCH This Month

Chromium: CVE-2021-30617 Policy bypass in Blink. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Fedora Edge Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
3.7%
CVE-2021-30616 HIGH PATCH This Week

Chromium: CVE-2021-30616 Use after free in Media. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2021-30615 MEDIUM PATCH This Month

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Fedora Edge Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
5.6%
CVE-2021-30614 HIGH PATCH This Week

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Google Fedora Edge +1
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2021-30613 HIGH PATCH This Week

Chromium: CVE-2021-30613 Use after free in Base internals. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30612 HIGH PATCH This Week

Chromium: CVE-2021-30612 Use after free in WebRTC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2021-30611 HIGH PATCH This Week

Chromium: CVE-2021-30611 Use after free in WebRTC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2021-30610 HIGH PATCH This Week

Chromium: CVE-2021-30610 Use after free in Extensions API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30609 HIGH PATCH This Week

Chromium: CVE-2021-30609 Use after free in Sign-In. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2021-30608 HIGH PATCH This Week

Chromium: CVE-2021-30608 Use after free in Web Share. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30607 HIGH PATCH This Week

Chromium: CVE-2021-30607 Use after free in Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Fedora +2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-30606 HIGH PATCH This Week

Chromium: CVE-2021-30606 Use after free in Blink. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption Google Edge +2
NVD
CVSS 3.1
8.8
EPSS
4.1%
CVE-2021-38642 MEDIUM PATCH This Month

Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Microsoft Information Disclosure Edge
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-38641 MEDIUM PATCH This Month

Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Edge
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-36930 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Microsoft Privilege Escalation Edge
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-26439 MEDIUM PATCH This Month

Microsoft Edge for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Google Microsoft Information Disclosure Edge
NVD
CVSS 3.1
4.6
EPSS
2.5%
CVE-2021-26436 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Edge
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2021-27338 MEDIUM This Month

Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Edge
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24100 MEDIUM PATCH This Month

Microsoft Edge for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Google Microsoft Information Disclosure Edge
NVD
CVSS 3.1
5.0
EPSS
2.8%
CVE-2021-21157 HIGH POC This Week

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Edge +3
NVD
CVSS 3.1
8.8
EPSS
9.5%
CVE-2021-21141 MEDIUM PATCH This Month

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome Edge
NVD
CVSS 3.1
6.5
EPSS
5.4%
CVE-2021-21140 MEDIUM PATCH This Month

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Chrome Edge
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2021-1705 MEDIUM This Month

Microsoft Edge (HTML-based) Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Microsoft Edge
NVD
CVSS 3.1
4.2
EPSS
1.9%
CVE-2020-17153 MEDIUM PATCH This Month

Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure Edge
NVD
CVSS 3.1
4.3
EPSS
2.1%
CVE-2020-17131 NuGet MEDIUM PATCH This Month

Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Edge Chakracore
NVD
CVSS 3.1
4.2
EPSS
1.9%
CVE-2020-17058 HIGH PATCH This Week

Microsoft Browser Memory Corruption Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption Edge Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
2.9%
CVE-2020-17054 NuGet MEDIUM PATCH This Month

Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Edge Chakracore
NVD
CVSS 3.1
4.2
EPSS
1.9%
CVE-2020-17052 HIGH PATCH This Week

Scripting Engine Memory Corruption Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Internet Explorer Edge
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2020-17048 NuGet MEDIUM PATCH This Month

Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Edge Chakracore
NVD
CVSS 3.1
4.2
EPSS
1.5%
CVE-2020-16009 NuGet HIGH POC KEV PATCH THREAT This Week

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption Cefsharp Chrome +6
NVD
CVSS 3.1
8.8
EPSS
48.6%
CVE-2020-1180 NuGet MEDIUM PATCH This Month

<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Chakracore Edge
NVD
CVSS 3.1
4.2
EPSS
2.1%
CVE-2020-1172 NuGet MEDIUM PATCH This Month

<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Chakracore Edge
NVD
CVSS 3.1
4.2
EPSS
2.1%
CVE-2020-1057 NuGet MEDIUM PATCH This Month

<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Edge Chakracore
NVD
CVSS 3.1
4.2
EPSS
2.1%
CVE-2020-16884 MEDIUM PATCH This Month

<p>A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Edge
NVD
CVSS 3.1
4.2
EPSS
1.8%
CVE-2020-0878 MEDIUM KEV PATCH THREAT This Month

<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Internet Explorer +2
NVD
CVSS 3.1
4.2
EPSS
2.7%
CVE-2020-1569 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge
NVD
CVSS 3.1
7.8
EPSS
3.0%
CVE-2020-1568 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Edge
NVD
CVSS 3.1
7.5
EPSS
3.1%
CVE-2020-1555 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2020-1462 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Edge
NVD
CVSS 3.1
4.3
EPSS
4.2%
CVE-2020-1433 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Edge
NVD
CVSS 3.1
6.5
EPSS
5.3%
CVE-2020-1242 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Edge
NVD
CVSS 3.1
5.3
EPSS
3.8%
CVE-2020-1220 MEDIUM PATCH This Month

A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Google Microsoft Open Redirect Edge
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-1219 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Buffer Overflow Microsoft RCE Memory Corruption Internet Explorer +2
NVD
CVSS 3.1
7.5
EPSS
19.1%
CVE-2020-1073 NuGet HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Edge Chakracore
NVD
CVSS 3.1
8.1
EPSS
8.6%
CVE-2020-1195 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Google Microsoft Information Disclosure Edge
NVD
CVSS 3.1
5.9
EPSS
2.5%
CVE-2020-1096 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Edge
NVD
CVSS 3.1
7.5
EPSS
7.1%
CVE-2020-1065 NuGet HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption Chakracore Edge
NVD
CVSS 3.1
7.5
EPSS
7.7%
CVE-2020-1059 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Microsoft Open Redirect Edge
NVD
CVSS 3.1
4.3
EPSS
2.0%
CVE-2020-1056 HIGH PATCH This Week

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Microsoft Edge
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2020-1037 NuGet HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE Memory Corruption Edge +1
NVD
CVSS 3.1
7.5
EPSS
7.7%
EPSS 0% CVSS 5.5
MEDIUM This Month

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network. [CVSS 5.5 MEDIUM]

Microsoft Android Edge
NVD
EPSS 0% CVSS 4.7
MEDIUM Monitor

Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft +2
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft +2
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft +2
NVD
EPSS 2% CVSS 4.7
MEDIUM Monitor

User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Apple +2
NVD
EPSS 2% CVSS 4.3
MEDIUM This Month

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google XSS +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Microsoft Edge for IOS and Android Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Information Disclosure +4
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Information Disclosure Google +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Adobe RCE +3
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Google Microsoft +1
NVD
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Google Microsoft +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Google Microsoft +1
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Information Disclosure Microsoft +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft +1
NVD
EPSS 1% CVSS 4.7
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Google Microsoft +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure Google +2
NVD
EPSS 1% CVSS 3.9
LOW PATCH Monitor

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity.

Authentication Bypass Google Microsoft +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Google Microsoft +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Batch Management Communication Drivers +11
NVD
EPSS 0% CVSS 7.8
HIGH This Week

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Batch Management Communication Drivers +11
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft +1
NVD
EPSS 49% CVSS 8.8
HIGH POC KEV PATCH THREAT This Week

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Google +11
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Apple Authentication Bypass +1
NVD
EPSS 1% CVSS 3.7
LOW PATCH Monitor

Microsoft Edge (Chromium-based) Tampering Vulnerability. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Google Microsoft +1
NVD
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Microsoft +1
NVD
EPSS 2% CVSS 8.3
HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Google +2
NVD
EPSS 32% CVSS 9.6
CRITICAL POC KEV PATCH THREAT Act Now

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Google Buffer Overflow +3
NVD
EPSS 4% CVSS 4.3
MEDIUM PATCH This Month

Microsoft Edge (Chrome based) Spoofing on IE Mode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

This affects the package edge.js before 5.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Authentication Bypass Edge
NVD GitHub
EPSS 3% CVSS 6.4
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Tampering Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Google Microsoft Information Disclosure +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30624 Use after free in Autofill. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30623 Use after free in Bookmarks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30622 Use after free in WebApp Installs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Chromium: CVE-2021-30621 UI Spoofing in Autofill. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Fedora +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Fedora +2
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

Chromium: CVE-2021-30619 UI Spoofing in Autofill. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Fedora +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30618 Inappropriate implementation in DevTools. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Fedora +2
NVD
EPSS 4% CVSS 6.5
MEDIUM PATCH This Month

Chromium: CVE-2021-30617 Policy bypass in Blink. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Fedora +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30616 Use after free in Media. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 6% CVSS 6.5
MEDIUM PATCH This Month

Chromium: CVE-2021-30615 Cross-origin data leak in Navigation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Information Disclosure Fedora +2
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Google +3
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30613 Use after free in Base internals. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30612 Use after free in WebRTC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30611 Use after free in WebRTC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30610 Use after free in Extensions API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30609 Use after free in Sign-In. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30608 Use after free in Web Share. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30607 Use after free in Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 4% CVSS 8.8
HIGH PATCH This Week

Chromium: CVE-2021-30606 Use after free in Blink. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Use After Free Denial Of Service Memory Corruption +4
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apple Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Google Microsoft Privilege Escalation +1
NVD
EPSS 2% CVSS 4.6
MEDIUM PATCH This Month

Microsoft Edge for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Google Microsoft Information Disclosure +1
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure +1
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Edge
NVD GitHub
EPSS 3% CVSS 5.0
MEDIUM PATCH This Month

Microsoft Edge for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Google Microsoft Information Disclosure +1
NVD
EPSS 9% CVSS 8.8
HIGH POC This Week

Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption +5
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Authentication Bypass Chrome +1
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Google Chrome +1
NVD
EPSS 2% CVSS 4.2
MEDIUM This Month

Microsoft Edge (HTML-based) Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Microsoft Edge
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Google Microsoft Information Disclosure +1
NVD
EPSS 2% CVSS 4.2
MEDIUM PATCH This Month

Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Edge +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

Microsoft Browser Memory Corruption Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft Memory Corruption +2
NVD
EPSS 2% CVSS 4.2
MEDIUM PATCH This Month

Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Edge +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Scripting Engine Memory Corruption Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Internet Explorer +1
NVD
EPSS 2% CVSS 4.2
MEDIUM PATCH This Month

Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Edge +1
NVD
EPSS 49% CVSS 8.8
HIGH POC KEV PATCH THREAT This Week

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Google Memory Corruption +8
NVD
EPSS 2% CVSS 4.2
MEDIUM PATCH This Month

<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 2% CVSS 4.2
MEDIUM PATCH This Month

<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 2% CVSS 4.2
MEDIUM PATCH This Month

<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 2% CVSS 4.2
MEDIUM PATCH This Month

<p>A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 3% CVSS 4.2
MEDIUM KEV PATCH THREAT This Month

<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE +4
NVD
EPSS 3% CVSS 7.8
HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE +2
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Edge
NVD
EPSS 5% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE +3
NVD
EPSS 4% CVSS 4.3
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Edge
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Edge
NVD
EPSS 4% CVSS 5.3
MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Edge
NVD
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Google Microsoft Open Redirect +1
NVD
EPSS 19% CVSS 7.5
HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Buffer Overflow Microsoft RCE +4
NVD
EPSS 9% CVSS 8.1
HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 3% CVSS 5.9
MEDIUM PATCH This Month

An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Google Microsoft Information Disclosure +1
NVD
EPSS 7% CVSS 7.5
HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE Microsoft Edge
NVD
EPSS 8% CVSS 7.5
HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow RCE Memory Corruption +2
NVD
EPSS 2% CVSS 4.3
MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Microsoft Open Redirect Edge
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Microsoft Edge
NVD
EPSS 8% CVSS 7.5
HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Microsoft RCE +3
NVD
Page 1 of 9 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy