VYPR

Edge

by Microsoft

Source repositories

CVEs (738)

  • CVE-2026-45492MedMay 18, 2026
    risk 0.35cvss 5.4epss 0.00

    Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

  • CVE-2026-42838MedMay 12, 2026
    risk 0.35cvss 5.4epss 0.00

    Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-33119MedApr 10, 2026
    risk 0.35cvss 5.4epss 0.00

    User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2018-8512MedOct 10, 2018
    risk 0.35cvss 5.4epss 0.03

    A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is…

  • CVE-2018-0800MedJan 4, 2018
    risk 0.35cvss 5.3epss 0.07

    Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from…

  • CVE-2017-11919MedDec 12, 2017
    risk 0.35cvss 5.3epss 0.06

    ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016, and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and…

  • CVE-2017-8650MedAug 8, 2017
    risk 0.35cvss 5.4epss 0.01

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".

  • CVE-2017-8637MedAug 8, 2017
    risk 0.35cvss 5.3epss 0.05

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability".

  • CVE-2017-8530MedJun 15, 2017
    risk 0.35cvss 5.4epss 0.02

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature…

  • CVE-2017-0241MedMay 12, 2017
    risk 0.35cvss 5.3epss 0.03

    An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing…

  • CVE-2016-7281MedDec 20, 2016
    risk 0.35cvss 5.3epss 0.14

    The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."

  • CVE-2016-7209MedNov 10, 2016
    risk 0.35cvss 5.3epss 0.09

    Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability."

  • CVE-2016-3392MedOct 14, 2016
    risk 0.35cvss 5.3epss 0.10

    The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Microsoft Browser Security Feature Bypass Vulnerability."

  • CVE-2016-3391MedOct 14, 2016
    risk 0.35cvss 5.3epss 0.08

    Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discover credentials by leveraging access to a memory dump, aka "Microsoft Browser Information Disclosure Vulnerability."

  • CVE-2018-0891MedMar 14, 2018
    risk 0.32cvss 4.3epss 0.15

    ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow…

  • CVE-2017-8644MedAug 8, 2017
    risk 0.32cvss 4.3epss 0.15

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from…

  • CVE-2017-0011MedMar 17, 2017
    risk 0.31cvss 4.3epss 0.42

    Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.

  • CVE-2017-0140MedMar 17, 2017
    risk 0.30cvss 4.2epss 0.29

    Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135.

  • CVE-2017-0066MedMar 17, 2017
    risk 0.30cvss 4.2epss 0.30

    Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140.

  • CVE-2017-0065MedMar 17, 2017
    risk 0.30cvss 4.3epss 0.27

    Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0017,…

Page 20 of 37