Edge
by Microsoft
Source repositories
CVEs (738)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6073 | 0.01 | — | 0.17 | Nov 11, 2015 | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068,… | |||
| CVE-2015-6057 | 0.01 | — | 0.16 | Oct 14, 2015 | Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." | |||
| CVE-2015-2485 | 0.01 | — | 0.17 | Sep 9, 2015 | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2491 and… | |||
| CVE-2015-2449 | 0.01 | — | 0.16 | Aug 14, 2015 | Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass." | |||
| CVE-2015-2446 | 0.01 | — | 0.16 | Aug 14, 2015 | Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2447. | |||
| CVE-2015-2442 | 0.01 | — | 0.16 | Aug 14, 2015 | Microsoft Internet Explorer 8 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2444. | |||
| CVE-2015-2441 | 0.01 | — | 0.19 | Aug 14, 2015 | Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2452. | |||
| CVE-2026-32208 | 0.00 | — | 0.00 | Jun 19, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network. | |||
| CVE-2026-24305 | 0.00 | — | 0.01 | Jan 22, 2026 | Azure Entra ID Elevation of Privilege Vulnerability | |||
| CVE-2026-21223 | 0.00 | — | 0.00 | Jan 16, 2026 | Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. | |||
| CVE-2025-62224 | 0.00 | — | 0.00 | Jan 7, 2026 | User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network. | |||
| CVE-2025-62223 | 0.00 | — | 0.00 | Dec 5, 2025 | User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-60711 | 0.00 | — | 0.00 | Oct 31, 2025 | Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network. | |||
| CVE-2025-59246 | 0.00 | — | 0.07 | Oct 9, 2025 | Azure Entra ID Elevation of Privilege Vulnerability | |||
| CVE-2025-59218 | 0.00 | — | 0.01 | Oct 9, 2025 | Azure Entra ID Elevation of Privilege Vulnerability | |||
| CVE-2025-59251 | 0.00 | — | 0.00 | Sep 24, 2025 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | |||
| CVE-2025-53791 | 0.00 | — | 0.00 | Sep 5, 2025 | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | |||
| CVE-2025-55241 | 0.00 | — | 0.02 | Sep 4, 2025 | Azure Entra ID Elevation of Privilege Vulnerability | |||
| CVE-2025-47963 | 0.00 | — | 0.01 | Jul 11, 2025 | No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2025-47182 | 0.00 | — | 0.00 | Jul 11, 2025 | Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. |
- CVE-2015-6073Nov 11, 2015risk 0.01cvss —epss 0.17
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6068,…
- CVE-2015-6057Oct 14, 2015risk 0.01cvss —epss 0.16
Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability."
- CVE-2015-2485Sep 9, 2015risk 0.01cvss —epss 0.17
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2491 and…
- CVE-2015-2449Aug 14, 2015risk 0.01cvss —epss 0.16
Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass."
- CVE-2015-2446Aug 14, 2015risk 0.01cvss —epss 0.16
Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2447.
- CVE-2015-2442Aug 14, 2015risk 0.01cvss —epss 0.16
Microsoft Internet Explorer 8 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2444.
- CVE-2015-2441Aug 14, 2015risk 0.01cvss —epss 0.19
Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2452.
- CVE-2026-32208Jun 19, 2026risk 0.00cvss —epss 0.00
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network.
- CVE-2026-24305Jan 22, 2026risk 0.00cvss —epss 0.01
Azure Entra ID Elevation of Privilege Vulnerability
- CVE-2026-21223Jan 16, 2026risk 0.00cvss —epss 0.00
Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
- CVE-2025-62224Jan 7, 2026risk 0.00cvss —epss 0.00
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network.
- CVE-2025-62223Dec 5, 2025risk 0.00cvss —epss 0.00
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-60711Oct 31, 2025risk 0.00cvss —epss 0.00
Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
- CVE-2025-59246Oct 9, 2025risk 0.00cvss —epss 0.07
Azure Entra ID Elevation of Privilege Vulnerability
- CVE-2025-59218Oct 9, 2025risk 0.00cvss —epss 0.01
Azure Entra ID Elevation of Privilege Vulnerability
- CVE-2025-59251Sep 24, 2025risk 0.00cvss —epss 0.00
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
- CVE-2025-53791Sep 5, 2025risk 0.00cvss —epss 0.00
Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
- CVE-2025-55241Sep 4, 2025risk 0.00cvss —epss 0.02
Azure Entra ID Elevation of Privilege Vulnerability
- CVE-2025-47963Jul 11, 2025risk 0.00cvss —epss 0.01
No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-47182Jul 11, 2025risk 0.00cvss —epss 0.00
Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
Page 29 of 37