Microsoft Edge
364 CVEs affecting Microsoft Edge. Latest disclosed: 2026-05-12. Critical: 4, High: 246.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-0028 | Critical | 9.8 | 2017-07-17 | A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a… |
CVE-2017-0252 | Critical | 9.8 | 2017-05-15 | A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engi… |
CVE-2017-0223 | Critical | 9.8 | 2017-05-15 | A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engi… |
CVE-2016-0003 | Critical | 9.6 | 2016-01-13 | Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability." |
CVE-2017-8660 | High | 8.8 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current use… |
CVE-2017-8503 | High | 8.8 | 2017-08-08 | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edg… |
CVE-2017-0002 | High | 8.8 | 2017-01-10 | Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation… |
CVE-2016-3297 | High | 8.8 | 2016-09-14 | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v… |
CVE-2016-3269 | High | 8.8 | 2016-07-13 | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted… |
CVE-2016-3265 | High | 8.8 | 2016-07-13 | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted… |
CVE-2016-3260 | High | 8.8 | 2016-07-13 | The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, al… |
CVE-2016-3259 | High | 8.8 | 2016-07-13 | The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other pr… |
CVE-2016-3248 | High | 8.8 | 2016-07-13 | The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other pr… |
CVE-2016-3222 | High | 8.8 | 2016-06-16 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge M… |
CVE-2016-3214 | High | 8.8 | 2016-06-16 | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted… |
CVE-2016-3199 | High | 8.8 | 2016-06-16 | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted… |
CVE-2016-0084 | High | 8.8 | 2016-02-10 | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge M… |
CVE-2016-0062 | High | 8.8 | 2016-02-10 | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a craft… |
CVE-2016-0061 | High | 8.8 | 2016-02-10 | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v… |
CVE-2016-0060 | High | 8.8 | 2016-02-10 | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v… |