Microsoft Edge vulnerabilities
43 known vulnerabilities affecting microsoft/edge.
Total CVEs
43
CISA KEV
4
actively exploited
Public exploits
0
Exploited in wild
4
Severity breakdown
CRITICAL2HIGH20MEDIUM19LOW2
Vulnerabilities
Page 1 of 3
CVE-2026-32187MEDIUMCVSS 4.2fixed in 146.0.3856.842026-03-27
CVE-2026-32187 [MEDIUM] CWE-1021 CVE-2026-32187: Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
nvd
CVE-2026-26133HIGHCVSS 7.1fixed in 145.3800.992026-03-16
CVE-2026-26133 [HIGH] CWE-77 CVE-2026-26133: AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
nvd
CVE-2025-47967MEDIUMCVSS 4.7fixed in 140.0.3485.712025-09-16
CVE-2025-47967 [MEDIUM] CWE-357 CVE-2025-47967: Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2025-49736MEDIUMCVSS 4.3fixed in 139.0.3405.862025-08-12
CVE-2025-49736 [MEDIUM] CWE-449 CVE-2025-49736: The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to pe
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2025-25001MEDIUMCVSS 4.3fixed in 132.0.2957.1182025-04-04
CVE-2025-25001 [MEDIUM] CWE-79 CVE-2025-25001: Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Ed
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2024-38222MEDIUMCVSS 6.5fixed in 128.0.2739.422024-09-12
CVE-2024-38222 [MEDIUM] CWE-276 CVE-2024-38222: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
nvd
CVE-2024-41879HIGHCVSS 7.8fixed in 128.0.2739.422024-08-26
CVE-2024-41879 [HIGH] CWE-787 CVE-2024-41879: Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerabil
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
nvd
CVE-2024-7971CRITICALCVSS 9.6KEVfixed in 128.0.2739.422024-08-21
CVE-2024-7971 [CRITICAL] CWE-843 CVE-2024-7971: Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit he
Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2024-38103MEDIUMCVSS 5.9fixed in 127.0.2651.742024-07-25
CVE-2024-38103 [MEDIUM] CWE-359 CVE-2024-38103: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
nvd
CVE-2024-38156MEDIUMCVSS 6.1fixed in 126.0.2592.1022024-07-19
CVE-2024-38156 [MEDIUM] CWE-79 CVE-2024-38156: Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
nvd
CVE-2024-38093MEDIUMCVSS 4.3fixed in 126.0.2592.682024-06-20
CVE-2024-38093 [MEDIUM] CWE-451 CVE-2024-38093: Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
nvd
CVE-2024-38082MEDIUMCVSS 4.7fixed in 126.0.2592.682024-06-20
CVE-2024-38082 [MEDIUM] CWE-451 CVE-2024-38082: Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
nvd
CVE-2024-29057MEDIUMCVSS 4.3fixed in 123.0.2420.532024-03-22
CVE-2024-29057 [MEDIUM] CWE-357 CVE-2024-29057: Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
nvd
CVE-2024-26247MEDIUMCVSS 4.7fixed in 123.0.2420.532024-03-22
CVE-2024-26247 [MEDIUM] CWE-269 CVE-2024-26247: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
nvd
CVE-2024-26196MEDIUMCVSS 4.3fixed in 122.0.2365.632024-03-21
CVE-2024-26196 [MEDIUM] CWE-259 CVE-2024-26196: Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
nvd
CVE-2024-26246LOWCVSS 3.9fixed in 122.0.2365.922024-03-14
CVE-2024-26246 [LOW] CWE-1220 CVE-2024-26246: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
nvd
CVE-2024-26188MEDIUMCVSS 4.3fixed in 122.0.2365.522024-02-23
CVE-2024-26188 [MEDIUM] CWE-357 CVE-2024-26188: Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
nvd
CVE-2023-36029MEDIUMCVSS 4.3fixed in 118.0.2088.882023-11-03
CVE-2023-36029 [MEDIUM] CVE-2023-36029: Microsoft Edge (Chromium-based) Spoofing Vulnerability
Microsoft Edge (Chromium-based) Spoofing Vulnerability
nvd
CVE-2023-5217HIGHCVSS 8.8KEVv116.0.1938.98v117.0.2045.472023-09-28
CVE-2023-5217 [HIGH] CWE-787 CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
nvd
CVE-2023-28284MEDIUMCVSS 4.3fixed in 112.0.1722.342023-04-11
CVE-2023-28284 [MEDIUM] CWE-693 CVE-2023-28284: Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
nvd
1 / 3Next →