Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-21387

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-26 Jan, 2024 | 00:29
Updated At-03 May, 2025 | 01:46
Rejected At-
Credits

Microsoft Edge for Android Spoofing Vulnerability

Microsoft Edge for Android Spoofing Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:26 Jan, 2024 | 00:29
Updated At:03 May, 2025 | 01:46
Rejected At:
ā–¼CVE Numbering Authority (CNA)
Microsoft Edge for Android Spoofing Vulnerability

Microsoft Edge for Android Spoofing Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Edge (Chromium-based)
Platforms
  • Unknown
Versions
Affected
  • From 1.0.0 before 121.0.2277.83 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Edge (Chromium-based) Extended Stable
Platforms
  • Unknown
Versions
Affected
  • From 1.0.0 before 120.0.2210.160 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-357CWE-357: Insufficient UI Warning of Dangerous Operations
Type: CWE
CWE ID: CWE-357
Description: CWE-357: Insufficient UI Warning of Dangerous Operations
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21387
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21387
Resource:
vendor-advisory
ā–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21387
vendor-advisory
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21387
Resource:
vendor-advisory
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:26 Jan, 2024 | 01:15
Updated At:11 Jun, 2024 | 15:16

Microsoft Edge for Android Spoofing Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches
Microsoft Corporation
microsoft
>>edge_chromium>>Versions before 120.0.2210.160(exclusive)
cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:extended_stable:*:*:*
Microsoft Corporation
microsoft
>>edge_chromium>>Versions before 121.0.2277.83(exclusive)
cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-357Secondarysecure@microsoft.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-357
Type: Secondary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21387secure@microsoft.com
Patch
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21387
Source: secure@microsoft.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

31Records found
CVE-2021-34451
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.39% / 80.75%
||
7 Day CHG-0.15%
Published-16 Jul, 2021 | 20:19
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Online Server Spoofing Vulnerability

Microsoft Office Online Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_serverMicrosoft Office Online Server
CVE-2021-34517
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-2.36% / 85.28%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Spoofing Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Foundation 2013 Service Pack 1Microsoft SharePoint Enterprise Server 2013 Service Pack 1
CVE-2026-3939
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.68%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 22:04
Updated-16 Mar, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-284
Improper Access Control
CVE-2026-3940
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 9.68%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 22:04
Updated-16 Mar, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-284
Improper Access Control
CVE-2026-3930
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-8
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.03% / 9.68%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 22:04
Updated-16 Mar, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unsafe navigation in Navigation in Google Chrome on iOS prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationGoogle LLCLinux Kernel Organization, Inc
Product-linux_kernelchromewindowsmacosChrome
CWE ID-CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2025-64667
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 10.00%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-16 Apr, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Spoofing Vulnerability

User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2019 Cumulative Update 15Microsoft Exchange Server Subscription Edition RTM
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2021-29488
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 55.47%
||
7 Day CHG~0.00%
Published-07 May, 2021 | 15:00
Updated-03 Aug, 2024 | 22:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Creation of files outside the Download Folder through malicious PAR2 files

SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version.

Action-Not Available
Vendor-sabnzbdsabnzbdLinux Kernel Organization, IncApple Inc.Microsoft Corporation
Product-sabnzbdwindowsmacoslinux_kernelsabnzbd
CWE ID-CWE-23
Relative Path Traversal
CVE-2026-2812
Matching Score-8
Assigner-Environmental Systems Research Institute, Inc.
ShareView Details
Matching Score-8
Assigner-Environmental Systems Research Institute, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 26.70%
||
7 Day CHG~0.00%
Published-20 May, 2026 | 17:47
Updated-21 May, 2026 | 18:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Authentication issue in ArcGIS Server

ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issue by sending a crafted request to the endpoint. Successful exploitation may result in disruption of the web-based browsing interface. This issue affects ArcGIS Server 12.0 and earlier.

Action-Not Available
Vendor-Microsoft CorporationEnvironmental Systems Research Institute, Inc. ("Esri")Linux Kernel Organization, Inc
Product-linux_kernelarcgis_serverwindowsArcGIS Server
CWE ID-CWE-287
Improper Authentication
CVE-2025-25007
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-3.00% / 86.86%
||
7 Day CHG+1.42%
Published-12 Aug, 2025 | 17:09
Updated-13 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Spoofing Vulnerability

Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server Subscription Edition RTMMicrosoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2019 Cumulative Update 15
CWE ID-CWE-1286
Improper Validation of Syntactic Correctness of Input
CVE-2025-25006
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-3.25% / 87.41%
||
7 Day CHG+1.74%
Published-12 Aug, 2025 | 17:09
Updated-13 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Spoofing Vulnerability

Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server Subscription Edition RTMMicrosoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2019 Cumulative Update 15
CWE ID-CWE-167
Improper Handling of Additional Special Element
CVE-2025-21259
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.00% / 77.44%
||
7 Day CHG+0.37%
Published-11 Feb, 2025 | 17:58
Updated-13 Feb, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook Spoofing Vulnerability

Microsoft Outlook Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-outlookMicrosoft Outlook for Android
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2023-37401
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 9.78%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 13:54
Updated-14 Oct, 2025 | 20:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex cross-origin resource sharing

IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted.

Action-Not Available
Vendor-Microsoft CorporationIBM CorporationLinux Kernel Organization, Inc
Product-linux_kernelwindowsaspera_faspexAspera Faspex
CWE ID-CWE-942
Permissive Cross-domain Policy with Untrusted Domains
CVE-2023-45284
Matching Score-8
Assigner-Go Project
ShareView Details
Matching Score-8
Assigner-Go Project
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 10.88%
||
7 Day CHG~0.00%
Published-09 Nov, 2023 | 16:30
Updated-03 Sep, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect detection of reserved device names on Windows in path/filepath

On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as "COM1 ", and reserved names "COM" and "LPT" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.

Action-Not Available
Vendor-Go standard libraryGoMicrosoft Corporation
Product-gowindowspath/filepathgo
CVE-2023-35901
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 10.80%
||
7 Day CHG~0.00%
Published-16 Jul, 2023 | 23:31
Updated-22 Oct, 2024 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation security bypass

IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.

Action-Not Available
Vendor-Red Hat, Inc.Microsoft CorporationIBM Corporation
Product-robotic_process_automationrobotic_process_automation_as_a_serviceopenshiftwindowsrobotic_process_automation_for_cloud_pakRobotic Process Automation
CWE ID-CWE-287
Improper Authentication
CVE-2023-35619
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-1.36% / 80.54%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 18:10
Updated-01 Jan, 2025 | 02:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook for Mac Spoofing Vulnerability

Microsoft Outlook for Mac Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channelMicrosoft Office LTSC for Mac 2021
CWE ID-CWE-20
Improper Input Validation
CVE-2020-8927
Matching Score-8
Assigner-Google LLC
ShareView Details
Matching Score-8
Assigner-Google LLC
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 54.55%
||
7 Day CHG~0.00%
Published-15 Sep, 2020 | 09:15
Updated-29 May, 2026 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer overflow in Brotli library

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.

Action-Not Available
Vendor-Microsoft CorporationopenSUSECanonical Ltd.Debian GNU/LinuxGoogle LLCFedora Project
Product-ubuntu_linuxdebian_linuxvisual_studio_2022visual_studio_2019fedora.netpowershellbrotli.net_coreleapBrotli
CWE ID-CWE-130
Improper Handling of Length Parameter Inconsistency
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-21743
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-11.60% / 93.81%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 00:00
Updated-28 Feb, 2025 | 21:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Security Feature Bypass Vulnerability

Microsoft SharePoint Server Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Server 2019Microsoft SharePoint Enterprise Server 2016Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2022-23774
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.24% / 47.67%
||
7 Day CHG~0.00%
Published-01 Feb, 2022 | 05:30
Updated-03 Aug, 2024 | 03:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files.

Action-Not Available
Vendor-n/aDocker, Inc.Microsoft Corporation
Product-windowsdocker_desktopn/a
CVE-2022-30532
Matching Score-8
Assigner-Octopus Deploy
ShareView Details
Matching Score-8
Assigner-Octopus Deploy
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 48.41%
||
7 Day CHG~0.00%
Published-19 Jul, 2022 | 06:50
Updated-03 Aug, 2024 | 06:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy.

Action-Not Available
Vendor-Microsoft CorporationLinux Kernel Organization, IncOctopus Deploy Pty. Ltd.
Product-octopus_serverwindowslinux_kernelOctopus Server
CVE-2022-23261
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.82% / 74.84%
||
7 Day CHG~0.00%
Published-07 Feb, 2022 | 17:10
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Tampering Vulnerability

Microsoft Edge (Chromium-based) Tampering Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CVE-2025-3940
Matching Score-8
Assigner-Honeywell International Inc.
ShareView Details
Matching Score-8
Assigner-Honeywell International Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 57.72%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 12:35
Updated-04 Jun, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Use of Validation Framework

Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11.Ā Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11.

Action-Not Available
Vendor-tridiumTridiumMicrosoft CorporationBlackBerry LimitedLinux Kernel Organization, Inc
Product-niagara_enterprise_securityqnxwindowslinux_kernelniagaraNiagara FrameworkNiagara Enterprise Security
CWE ID-CWE-1173
Improper Use of Validation Framework
CVE-2024-30058
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.31% / 54.20%
||
7 Day CHG~0.00%
Published-13 Jun, 2024 | 19:24
Updated-17 Dec, 2025 | 22:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft Edge (Chromium-based)
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-357
Insufficient UI Warning of Dangerous Operations
CVE-2024-29057
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.86% / 75.41%
||
7 Day CHG-0.11%
Published-22 Mar, 2024 | 21:39
Updated-03 May, 2025 | 00:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edgeMicrosoft Edge (Chromium-based)
CWE ID-CWE-357
Insufficient UI Warning of Dangerous Operations
CVE-2024-26188
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.31% / 87.52%
||
7 Day CHG~0.00%
Published-23 Feb, 2024 | 22:16
Updated-03 May, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edgeMicrosoft Edge for Android
CWE ID-CWE-357
Insufficient UI Warning of Dangerous Operations
CVE-2025-47967
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.7||MEDIUM
EPSS-0.13% / 31.53%
||
7 Day CHG~0.00%
Published-16 Sep, 2025 | 18:13
Updated-20 Feb, 2026 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgeMicrosoft Edge (Chromium-based)
CWE ID-CWE-357
Insufficient UI Warning of Dangerous Operations
CVE-2026-26151
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.08% / 23.87%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:56
Updated-01 Jun, 2026 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Spoofing Vulnerability

Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_11_26h1windows_server_2022_23h2windows_server_2019windows_11_23h2windows_server_2022windows_server_2012windows_10_22h2windows_10_21h2windows_11_24h2windows_11_25h2windows_10_1607windows_10_1809windows_server_2016Windows 11 Version 23H2Windows Server 2016Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows 11 version 26H1Windows 10 Version 21H2Windows 11 Version 24H2Windows 11 version 22H3Windows Server 2016 (Server Core installation)Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2012Windows 11 Version 25H2Windows 10 Version 22H2Windows Server 2012 R2
CWE ID-CWE-357
Insufficient UI Warning of Dangerous Operations
CVE-2024-49054
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 31.38%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 14:38
Updated-08 Jul, 2025 | 15:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-357
Insufficient UI Warning of Dangerous Operations
CVE-2024-43580
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.35% / 57.73%
||
7 Day CHG~0.00%
Published-17 Oct, 2024 | 22:39
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-357
Insufficient UI Warning of Dangerous Operations
CVE-2024-43505
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.02% / 77.62%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-09 Jun, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Visio Remote Code Execution Vulnerability

Microsoft Office Visio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft Office LTSC 2024Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office 2019
CWE ID-CWE-357
Insufficient UI Warning of Dangerous Operations
CVE-2025-33054
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.16% / 79.02%
||
7 Day CHG+0.20%
Published-08 Jul, 2025 | 16:56
Updated-13 Feb, 2026 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Remote Desktop Spoofing Vulnerability

Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_23h2windows_server_2025windows_11_22h2windows_11_24h2Windows Server 2025Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows 11 Version 23H2Windows 11 version 22H2Windows 11 version 22H3
CWE ID-CWE-357
Insufficient UI Warning of Dangerous Operations
CVE-2024-21336
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-2.5||LOW
EPSS-0.33% / 56.61%
||
7 Day CHG~0.00%
Published-26 Jan, 2024 | 17:40
Updated-03 May, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-357
Insufficient UI Warning of Dangerous Operations
Details not found