CVE-2021-21121 — CVSS 9.6 (critical): Use after free in Omnibox in Google Chrome on Linux prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox escape…
CVE-2021-21132 — CVSS 9.6 (critical): Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform a sandbox…
CVE-2021-21124 — CVSS 9.6 (critical): Potential user after free in Speech Recognizer in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to potentially…
CVE-2026-58289 — CVSS 9.0 (critical): Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute…
CVE-2021-21120 — CVSS 8.8 (high): Use after free in WebSQL in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2021-21122 — CVSS 8.8 (high): Use after free in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2021-21127 — CVSS 8.8 (high): Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass content security…
CVE-2021-21128 — CVSS 8.8 (high): Heap buffer overflow in Blink in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2021-21157 — CVSS 8.8 (high): Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap…
CVE-2026-57974 — CVSS 8.8 (high): Integer overflow or wraparound in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-56645 — CVSS 8.8 (high): Heap-based buffer overflow in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-32208 — CVSS 8.8 (high): Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Entra ID allows an authorized attacker to…
CVE-2025-49713 — CVSS 8.8 (high): Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute…
CVE-2025-25000 — CVSS 8.8 (high): Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute…
CVE-2021-21118 — CVSS 8.8 (high): Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out of bounds…
CVE-2021-21119 — CVSS 8.8 (high): Use after free in Media in Google Chrome prior to 88.0.4324.96 allowed a remote attacker who had compromised the renderer process to…
CVE-2023-6702 — CVSS 8.8 (high): Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a…
CVE-2026-57983 — CVSS 8.7 (high): Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2026-58295 — CVSS 8.3 (high): Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass…
CVE-2026-58287 — CVSS 8.3 (high): Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58285 — CVSS 8.3 (high): Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute…
CVE-2026-58284 — CVSS 8.3 (high): Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58282 — CVSS 8.1 (high): Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2021-21125 — CVSS 8.1 (high): Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 88.0.4324.96 allowed a remote attacker to bypass…
CVE-2026-58286 — CVSS 8.1 (high): Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-58283 — CVSS 8.1 (high): Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform…
CVE-2026-58293 — CVSS 8.1 (high): External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-57985 — CVSS 7.6 (high): Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2025-29834 — CVSS 7.5 (high): Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-57975 — CVSS 7.5 (high): Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute…
CVE-2026-57984 — CVSS 7.5 (high): Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-57986 — CVSS 7.5 (high): Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-57992 — CVSS 7.5 (high): Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58276 — CVSS 7.5 (high): Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58290 — CVSS 7.5 (high): Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute…
CVE-2026-58292 — CVSS 7.5 (high): Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58294 — CVSS 7.5 (high): Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58299 — CVSS 7.5 (high): Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a…
CVE-2026-57993 — CVSS 7.4 (high): Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49741 — CVSS 7.4 (high): No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.
CVE-2026-57991 — CVSS 7.4 (high): Improper link resolution before file access ('link following') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to…
CVE-2026-41107 — CVSS 7.4 (high): External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a…
CVE-2026-58298 — CVSS 7.2 (high): Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an…
CVE-2026-57977 — CVSS 7.1 (high): Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an…
CVE-2026-58296 — CVSS 7.1 (high): Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose…
CVE-2026-21223 — CVSS 7.1 (high): Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
CVE-2026-58297 — CVSS 7.1 (high): Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose…
CVE-2026-57988 — CVSS 7.1 (high): Relative path traversal in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58522 — CVSS 6.8 (medium): Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
CVE-2026-57987 — CVSS 6.5 (medium): Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2021-21139 — CVSS 6.5 (medium): Inappropriate implementation in iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation…
CVE-2025-29825 — CVSS 6.5 (medium): User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform…
CVE-2025-29806 — CVSS 6.5 (medium): No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-56646 — CVSS 6.5 (medium): Exposure of sensitive information to an unauthorized actor in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform…
CVE-2026-58523 — CVSS 6.5 (medium): Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.
CVE-2021-21126 — CVSS 6.5 (medium): Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via…
CVE-2021-21129 — CVSS 6.5 (medium): Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem…
CVE-2021-21130 — CVSS 6.5 (medium): Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem…
CVE-2021-21131 — CVSS 6.5 (medium): Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem…
CVE-2021-21133 — CVSS 6.5 (medium): Insufficient policy enforcement in Downloads in Google Chrome prior to 88.0.4324.96 allowed an attacker who convinced a user to download…
CVE-2021-21134 — CVSS 6.5 (medium): Incorrect security UI in Page Info in Google Chrome on iOS prior to 88.0.4324.96 allowed a remote attacker to spoof security UI via a…
CVE-2021-21135 — CVSS 6.5 (medium): Inappropriate implementation in Performance API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin data…
CVE-2021-21136 — CVSS 6.5 (medium): Insufficient policy enforcement in WebView in Google Chrome on Android prior to 88.0.4324.96 allowed a remote attacker to leak cross-origin…
CVE-2021-21137 — CVSS 6.5 (medium): Inappropriate implementation in DevTools in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to obtain potentially sensitive…
CVE-2026-42891 — CVSS 6.5 (medium): User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform…
CVE-2026-0391 — CVSS 6.5 (medium): User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform…
CVE-2021-21123 — CVSS 6.5 (medium): Insufficient data validation in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass filesystem…
CVE-2025-47963 — CVSS 6.3 (medium): No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-60711 — CVSS 6.3 (medium): Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2026-58300 — CVSS 6.2 (medium): Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.
CVE-2026-58291 — CVSS 6.1 (medium): Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose…
CVE-2025-47182 — CVSS 5.6 (medium): Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.