Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

edge_chromium

Source -

NVDADP

CNA CVEs -

0

ADP CVEs -

1

CISA CVEs -

0

NVD CVEs -

265
Related CVEsRelated VendorsRelated AssignersReports
265Vulnerabilities found

CVE-2026-58596
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.3||HIGH
EPSS-0.45% / 36.45%
||
7 Day CHG~0.00%
Published-12 Jul, 2026 | 15:22
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2026-58281
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.3||HIGH
EPSS-0.69% / 48.65%
||
7 Day CHG~0.00%
Published-11 Jul, 2026 | 20:55
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-58525
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.2||HIGH
EPSS-0.36% / 28.51%
||
7 Day CHG~0.00%
Published-08 Jul, 2026 | 20:43
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-284
Improper Access Control
CVE-2026-58523
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 38.01%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 21:26
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Security Feature Bypass Vulnerability

Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-edge_chromiumandroidMicrosoft Edge (Chromium-based)
CWE ID-CWE-284
Improper Access Control
CVE-2026-58291
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.59% / 44.13%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-672
Operation on a Resource after Expiration or Release
CVE-2026-45489
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 38.01%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-749
Exposed Dangerous Method or Function
CVE-2026-58597
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 32.10%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-357
Insufficient UI Warning of Dangerous Operations
CVE-2026-58300
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.34% / 25.92%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Information Disclosure Vulnerability

Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-edge_chromiumandroidMicrosoft Edge (Chromium-based)
CWE ID-CWE-36
Absolute Path Traversal
CVE-2026-58298
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.2||HIGH
EPSS-0.24% / 15.00%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-58297
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.31% / 22.91%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-edge_chromiumandroidMicrosoft Edge (Chromium-based)
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2026-58296
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.30% / 22.24%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-edge_chromiumandroidMicrosoft Edge (Chromium-based)
CWE ID-CWE-359
Exposure of Private Personal Information to an Unauthorized Actor
CVE-2026-58295
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.3||HIGH
EPSS-0.37% / 29.45%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-58294
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.26%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-416
Use After Free
CVE-2026-58293
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.44% / 35.51%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-58292
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.93%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-20
Improper Input Validation
CVE-2026-58290
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 16.25%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-58289
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-9||CRITICAL
EPSS-0.44% / 35.51%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-58288
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.3||HIGH
EPSS-0.44% / 35.51%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-416
Use After Free
CVE-2026-58286
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.31% / 23.28%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-284
Improper Access Control
CVE-2026-58285
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.3||HIGH
EPSS-0.44% / 35.50%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-58284
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.3||HIGH
EPSS-0.40% / 32.80%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-285
Improper Authorization
CVE-2026-58278
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 20.21%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-58276
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.79%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-416
Use After Free
CVE-2026-57991
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-0.74% / 50.67%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2026-57986
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.79%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-416
Use After Free
CVE-2026-57981
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.56% / 42.64%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-416
Use After Free
CVE-2026-57977
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.40% / 32.01%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-58522
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 24.38%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Information Disclosure Vulnerability

Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-edge_chromiumandroidMicrosoft Edge (Chromium-based)
CWE ID-CWE-23
Relative Path Traversal
CVE-2026-58299
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 18.76%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge for Android Remote Code Execution Vulnerability

Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft CorporationGoogle LLC
Product-edge_chromiumandroidMicrosoft Edge (Chromium-based)
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-58287
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.3||HIGH
EPSS-0.44% / 35.51%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-416
Use After Free
CVE-2026-58283
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.33% / 25.09%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-58282
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-0.31% / 23.28%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-284
Improper Access Control
CVE-2026-57992
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.79%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-416
Use After Free
CVE-2026-57988
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.53% / 41.36%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-23
Relative Path Traversal
CVE-2026-57987
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.62% / 45.58%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-57985
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.6||HIGH
EPSS-0.48% / 38.23%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-20
Improper Input Validation
CVE-2026-57984
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.79%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-416
Use After Free
CVE-2026-57983
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.7||HIGH
EPSS-0.46% / 37.21%
||
7 Day CHG~0.00%
Published-03 Jul, 2026 | 20:35
Updated-17 Jul, 2026 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-285
Improper Authorization
CVE-2026-50521
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.3||HIGH
EPSS-0.82% / 53.25%
||
7 Day CHG~0.00%
Published-01 Jul, 2026 | 20:14
Updated-15 Jul, 2026 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-416
Use After Free
CVE-2026-32208
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.28% / 20.16%
||
7 Day CHG~0.00%
Published-19 Jun, 2026 | 20:27
Updated-15 Jul, 2026 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Entra ID Spoofing Vulnerability

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Entra ID allows an authorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-45173
Assigner-Palo Alto Networks, Inc.
ShareView Details
Assigner-Palo Alto Networks, Inc.
CVSS Score-8.4||HIGH
EPSS-0.16% / 5.72%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 21:33
Updated-22 Jun, 2026 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Idira Identity Browser Extension: Unauthorized Application Interaction via Origin Validation Failure

Idira Identity Browser Extension (Chrome, Firefox, and Edge builds) versions prior to 26.8.1 exhibit an origin validation flaw within its internal web-page verification routines. If an authenticated user navigates to a specially crafted webpage, this interaction could potentially allow a remote attacker to trigger unauthorized application interaction or execution parameters within the context of that authenticated browser session. CyberArk Security Bulletin: CA26-21

Action-Not Available
Vendor-CyberArk Software, a Palo Alto Networks CompanyPalo Alto Networks, Inc.Google LLCMicrosoft CorporationMozilla Corporation
Product-firefoxedge_chromiumchromeidira_identity_browser_extensionIdentity Browser Extensions
CWE ID-CWE-346
Origin Validation Error
CVE-2026-45495
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.99% / 58.52%
||
7 Day CHG~0.00%
Published-18 May, 2026 | 17:03
Updated-19 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-35
Path Traversal: '.../...//'
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2026-45494
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 22.14%
||
7 Day CHG~0.00%
Published-18 May, 2026 | 17:03
Updated-19 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

Microsoft Edge (Chromium-based) Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2026-45492
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 22.14%
||
7 Day CHG~0.00%
Published-18 May, 2026 | 17:03
Updated-19 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-20
Improper Input Validation
CVE-2026-42838
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 15.07%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:59
Updated-19 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2026-40416
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 27.10%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:59
Updated-19 Jun, 2026 | 16:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-42891
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 20.50%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:59
Updated-19 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge for Android
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-41107
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.4||HIGH
EPSS-0.65% / 47.14%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:59
Updated-19 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2026-33118
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.56% / 42.58%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 21:20
Updated-19 Jun, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Spoofing Vulnerability

User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2026-0385
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5||MEDIUM
EPSS-0.24% / 14.87%
||
7 Day CHG~0.00%
Published-13 Mar, 2026 | 21:55
Updated-19 Jun, 2026 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge for Android
CWE ID-CWE-290
Authentication Bypass by Spoofing
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next