Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    18 vulnerabilities found for Microsoft Edge for iOS by Microsoft

    CVE-2026-26133 (GCVE-0-2026-26133)

    Vulnerability from nvd – Published: 2026-03-13 21:10 – Updated: 2026-06-19 18:18
    VLAI
    Title
    M365 Copilot Information Disclosure Vulnerability
    Summary
    AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Copilot for Android Affected: 1.0 , < 16.0.19815.10000 (custom)
    Create a notification for this product.
    Microsoft Microsoft 365 Copilot for iOS Affected: 1.0 , < 2.107.2 (custom)
    Create a notification for this product.
    Microsoft Microsoft Edge for Android Affected: 1.0.0 , < 145.3800.99 (custom)
    Create a notification for this product.
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 145.3800.99 (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel for Android Affected: 16.0.0.0 , < 16.0.19822.20038 (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel for iOS Affected: 1.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft Loop for iOS Affected: 2.0.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft OneNote Affected: 1.0.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft OneNote for Android Affected: 16.0.1 , < 16.0.19725.20142 (custom)
    Create a notification for this product.
    Microsoft Microsoft Outlook for Android Affected: 1.0 , < 5.2605 (custom)
    Create a notification for this product.
    Microsoft Microsoft Outlook for iOS Affected: 1.0.0 , < 5.2605 (custom)
    Create a notification for this product.
    Microsoft Microsoft Outlook for Mac Affected: 1.0.0 , < 5.2605 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerBI for Android Affected: 2.0.0 , < 2.2.260210.21290750 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerBI for iOS Affected: 1.0.0 , < 1.2.260302.2193910 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerPoint for Android Affected: 16.0.0.0 , < 16.0.19822.20038 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerPoint for iOS Affected: 1.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1.0.0.2026043102 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for iOS Affected: 2.0.0 , < 8.3.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word for Android Affected: 16.0.0.0 , < 16.0.19822.20038 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word for iOS Affected: 2.0.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Date Public
    2026-03-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T14:24:19.473896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T14:24:30.194Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft 365 Copilot for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19815.10000",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft 365 Copilot for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.107.2",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Edge for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "145.3800.99",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "145.3800.99",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Excel for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20038",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Excel for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Loop for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft OneNote",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft OneNote for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20142",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "5.2605",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "5.2605",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "5.2605",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerBI for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.2.260210.21290750",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerBI for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.2.260302.2193910",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20038",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.0.0.2026043102",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.3.1",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Word for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20038",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Word for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:onenote_for_ios:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "5.2605",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:outlook_2016:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "5.2605",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_copilot_iOS:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.107.2",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "145.3800.99",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "8.3.1",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1.0.0.2026043102",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20038",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20038",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:loop:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "5.2605",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_copilot_Android:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.19815.10000",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:power_bi_android:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.2.260210.21290750",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:power_bi_iOS:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.2.260302.2193910",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:onenote_for_android:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.19725.20142",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "145.3800.99",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20038",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-03-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T18:18:11.619Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "M365 Copilot Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133"
            }
          ],
          "title": "M365 Copilot Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-26133",
        "datePublished": "2026-03-13T21:10:13.535Z",
        "dateReserved": "2026-02-11T16:24:51.133Z",
        "dateUpdated": "2026-06-19T18:18:11.619Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-29796 (GCVE-0-2025-29796)

    Vulnerability from nvd – Published: 2025-04-04 00:00 – Updated: 2026-02-13 19:32
    VLAI
    Title
    Microsoft Edge for iOS Spoofing Vulnerability
    Summary
    User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 135.0.3179.54 (custom)
    Create a notification for this product.
    Date Public
    2025-04-03 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29796",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:39:06.890172Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T20:21:43.566Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "135.0.3179.54",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "135.0.3179.54",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-04-03T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-451",
                  "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:32:47.288Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Edge for iOS Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29796"
            }
          ],
          "title": "Microsoft Edge for iOS Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-29796",
        "datePublished": "2025-04-04T00:00:16.022Z",
        "dateReserved": "2025-03-11T18:19:40.247Z",
        "dateUpdated": "2026-02-13T19:32:47.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-25001 (GCVE-0-2025-25001)

    Vulnerability from nvd – Published: 2025-04-04 00:00 – Updated: 2026-02-13 19:32
    VLAI
    Title
    Microsoft Edge for iOS Spoofing Vulnerability
    Summary
    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 132.0.2957.118 (custom)
    Create a notification for this product.
    Date Public
    2025-04-03 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25001",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:39:21.141463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T20:21:50.312Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "132.0.2957.118",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "132.0.2957.118",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-04-03T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:32:59.434Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Edge for iOS Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25001"
            }
          ],
          "title": "Microsoft Edge for iOS Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-25001",
        "datePublished": "2025-04-04T00:00:13.527Z",
        "dateReserved": "2025-01-30T15:14:20.993Z",
        "dateUpdated": "2026-02-13T19:32:59.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21253 (GCVE-0-2025-21253)

    Vulnerability from nvd – Published: 2025-02-06 22:41 – Updated: 2026-02-13 19:44
    VLAI
    Title
    Microsoft Edge for IOS and Android Spoofing Vulnerability
    Summary
    Microsoft Edge for IOS and Android Spoofing Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for Android Affected: 1.0.0 , < 133.0.3065.51 (custom)
    Create a notification for this product.
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 133.0.3065.51 (custom)
    Create a notification for this product.
    Date Public
    2025-02-06 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:02:37.230074Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-07T16:04:37.766Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Edge for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "133.0.3065.51",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "133.0.3065.51",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "133.0.3065.51",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "133.0.3065.51",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-02-06T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Edge for IOS and Android Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-451",
                  "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:44:27.259Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Edge for IOS and Android Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21253"
            }
          ],
          "title": "Microsoft Edge for IOS and Android Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21253",
        "datePublished": "2025-02-06T22:41:33.947Z",
        "dateReserved": "2024-12-10T23:54:12.932Z",
        "dateUpdated": "2026-02-13T19:44:27.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-38083 (GCVE-0-2024-38083)

    Vulnerability from nvd – Published: 2024-06-13 19:24 – Updated: 2025-12-17 22:23
    VLAI
    Title
    Microsoft Edge (Chromium-based) Spoofing Vulnerability
    Summary
    Microsoft Edge (Chromium-based) Spoofing Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-449 - The UI Performs the Wrong Action
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 126.0.2592.56 (custom)
    Create a notification for this product.
    Microsoft Microsoft Edge for Android Affected: 1.0.0 , < 126.0.2592.56 (custom)
    Create a notification for this product.
    Date Public
    2024-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38083",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-18T14:11:06.776687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T14:11:13.100Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:04:25.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "126.0.2592.56",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Edge for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "126.0.2592.56",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "126.0.2592.56",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "126.0.2592.56",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-449",
                  "description": "CWE-449: The UI Performs the Wrong Action",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-17T22:23:49.457Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083"
            }
          ],
          "title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-38083",
        "datePublished": "2024-06-13T19:24:39.838Z",
        "dateReserved": "2024-06-11T22:36:08.182Z",
        "dateUpdated": "2025-12-17T22:23:49.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-30057 (GCVE-0-2024-30057)

    Vulnerability from nvd – Published: 2024-06-13 19:24 – Updated: 2025-12-17 22:23
    VLAI
    Title
    Microsoft Edge for iOS Spoofing Vulnerability
    Summary
    Microsoft Edge for iOS Spoofing Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-356 - Product UI does not Warn User of Unsafe Actions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 126.0.2592.56 (custom)
    Create a notification for this product.
    Date Public
    2024-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-14T18:20:31.602770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-14T18:20:37.620Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:25:02.946Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft Edge for iOS Spoofing Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30057"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "126.0.2592.56",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "126.0.2592.56",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Edge for iOS Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-356",
                  "description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-17T22:23:48.293Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Edge for iOS Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30057"
            }
          ],
          "title": "Microsoft Edge for iOS Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-30057",
        "datePublished": "2024-06-13T19:24:38.694Z",
        "dateReserved": "2024-03-22T23:12:14.564Z",
        "dateUpdated": "2025-12-17T22:23:48.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-36883 (GCVE-0-2023-36883)

    Vulnerability from nvd – Published: 2023-07-14 17:54 – Updated: 2025-02-28 19:39
    VLAI
    Title
    Microsoft Edge for iOS Spoofing Vulnerability
    Summary
    Microsoft Edge for iOS Spoofing Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Spoofing
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 114.0.1823.82 (custom)
    Create a notification for this product.
    Date Public
    2023-07-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:01:09.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft Edge for iOS Spoofing Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T19:24:27.268801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-290",
                    "description": "CWE-290 Authentication Bypass by Spoofing",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T19:39:14.133Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "114.0.1823.82",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "114.0.1823.82",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-07-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Edge for iOS Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:52:38.701Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Edge for iOS Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883"
            }
          ],
          "title": "Microsoft Edge for iOS Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36883",
        "datePublished": "2023-07-14T17:54:33.168Z",
        "dateReserved": "2023-06-27T20:28:05.993Z",
        "dateUpdated": "2025-02-28T19:39:14.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44708 (GCVE-0-2022-44708)

    Vulnerability from nvd – Published: 2022-12-13 00:00 – Updated: 2025-07-22 17:49
    VLAI
    Title
    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
    Summary
    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
    CWE
    • Elevation of Privilege
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 108.0.1462.42 (custom)
    Create a notification for this product.
    Microsoft Microsoft Edge (Chromium-based) Affected: 1.0.0.0 , < 108.0.1462.42 (custom)
    Create a notification for this product.
    Date Public
    2022-12-05 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:01:30.099Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44708"
              },
              {
                "name": "GLSA-202305-10",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202305-10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "108.0.1462.42",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Edge (Chromium-based)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "108.0.1462.42",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "108.0.1462.42",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "108.0.1462.42",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2022-12-05T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-22T17:49:47.144Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708"
            }
          ],
          "title": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2022-44708",
        "datePublished": "2022-12-13T00:00:00.000Z",
        "dateReserved": "2022-11-03T00:00:00.000Z",
        "dateUpdated": "2025-07-22T17:49:47.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43220 (GCVE-0-2021-43220)

    Vulnerability from nvd – Published: 2021-11-24 01:05 – Updated: 2024-08-04 03:55
    VLAI
    Title
    Microsoft Edge for iOS Spoofing Vulnerability
    Summary
    Microsoft Edge for iOS Spoofing Vulnerability
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 96.0 1954.29 (custom)
        cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*
    Create a notification for this product.
    Date Public
    2021-11-19 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:55:27.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43220"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "96.0 1954.29",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-11-19T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Edge for iOS Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:47:49.728Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43220"
            }
          ],
          "title": "Microsoft Edge for iOS Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-43220",
        "datePublished": "2021-11-24T01:05:15.000Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:55:27.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-26133 (GCVE-0-2026-26133)

    Vulnerability from cvelistv5 – Published: 2026-03-13 21:10 – Updated: 2026-06-19 18:18
    VLAI
    Title
    M365 Copilot Information Disclosure Vulnerability
    Summary
    AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft 365 Copilot for Android Affected: 1.0 , < 16.0.19815.10000 (custom)
    Create a notification for this product.
    Microsoft Microsoft 365 Copilot for iOS Affected: 1.0 , < 2.107.2 (custom)
    Create a notification for this product.
    Microsoft Microsoft Edge for Android Affected: 1.0.0 , < 145.3800.99 (custom)
    Create a notification for this product.
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 145.3800.99 (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel for Android Affected: 16.0.0.0 , < 16.0.19822.20038 (custom)
    Create a notification for this product.
    Microsoft Microsoft Excel for iOS Affected: 1.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft Loop for iOS Affected: 2.0.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft OneNote Affected: 1.0.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft OneNote for Android Affected: 16.0.1 , < 16.0.19725.20142 (custom)
    Create a notification for this product.
    Microsoft Microsoft Outlook for Android Affected: 1.0 , < 5.2605 (custom)
    Create a notification for this product.
    Microsoft Microsoft Outlook for iOS Affected: 1.0.0 , < 5.2605 (custom)
    Create a notification for this product.
    Microsoft Microsoft Outlook for Mac Affected: 1.0.0 , < 5.2605 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerBI for Android Affected: 2.0.0 , < 2.2.260210.21290750 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerBI for iOS Affected: 1.0.0 , < 1.2.260302.2193910 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerPoint for Android Affected: 16.0.0.0 , < 16.0.19822.20038 (custom)
    Create a notification for this product.
    Microsoft Microsoft PowerPoint for iOS Affected: 1.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for Android Affected: 1.0.0 , < 1.0.0.2026043102 (custom)
    Create a notification for this product.
    Microsoft Microsoft Teams for iOS Affected: 2.0.0 , < 8.3.1 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word for Android Affected: 16.0.0.0 , < 16.0.19822.20038 (custom)
    Create a notification for this product.
    Microsoft Microsoft Word for iOS Affected: 2.0.0 , < 2.106.26020617 (custom)
    Create a notification for this product.
    Date Public
    2026-03-12 14:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-26133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T14:24:19.473896Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T14:24:30.194Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft 365 Copilot for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19815.10000",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft 365 Copilot for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.107.2",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Edge for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "145.3800.99",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "145.3800.99",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Excel for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20038",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Excel for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Loop for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft OneNote",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft OneNote for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19725.20142",
                  "status": "affected",
                  "version": "16.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "5.2605",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "5.2605",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Outlook for Mac",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "5.2605",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerBI for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.2.260210.21290750",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerBI for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.2.260302.2193910",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20038",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft PowerPoint for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "1.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "1.0.0.2026043102",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Teams for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "8.3.1",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Word for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "16.0.19822.20038",
                  "status": "affected",
                  "version": "16.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Word for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "2.106.26020617",
                  "status": "affected",
                  "version": "2.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:onenote_for_ios:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:macos:*:*",
                      "versionEndExcluding": "5.2605",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:outlook_2016:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "5.2605",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_copilot_iOS:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.107.2",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "145.3800.99",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "8.3.1",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:teams:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "1.0.0.2026043102",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20038",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20038",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:word:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:loop:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "5.2605",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:365_copilot_Android:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.19815.10000",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:power_bi_android:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "2.2.260210.21290750",
                      "versionStartIncluding": "2.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:power_bi_iOS:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "1.2.260302.2193910",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:onenote_for_android:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "16.0.19725.20142",
                      "versionStartIncluding": "16.0.1",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "145.3800.99",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:powerpoint:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "16.0.19822.20038",
                      "versionStartIncluding": "16.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:excel:*:*:iOS:*:*:*:*:*",
                      "versionEndExcluding": "2.106.26020617",
                      "versionStartIncluding": "1.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2026-03-12T14:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-19T18:18:11.619Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "M365 Copilot Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26133"
            }
          ],
          "title": "M365 Copilot Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2026-26133",
        "datePublished": "2026-03-13T21:10:13.535Z",
        "dateReserved": "2026-02-11T16:24:51.133Z",
        "dateUpdated": "2026-06-19T18:18:11.619Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-29796 (GCVE-0-2025-29796)

    Vulnerability from cvelistv5 – Published: 2025-04-04 00:00 – Updated: 2026-02-13 19:32
    VLAI
    Title
    Microsoft Edge for iOS Spoofing Vulnerability
    Summary
    User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 135.0.3179.54 (custom)
    Create a notification for this product.
    Date Public
    2025-04-03 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29796",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:39:06.890172Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T20:21:43.566Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "135.0.3179.54",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "135.0.3179.54",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-04-03T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-451",
                  "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:32:47.288Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Edge for iOS Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29796"
            }
          ],
          "title": "Microsoft Edge for iOS Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-29796",
        "datePublished": "2025-04-04T00:00:16.022Z",
        "dateReserved": "2025-03-11T18:19:40.247Z",
        "dateUpdated": "2026-02-13T19:32:47.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-25001 (GCVE-0-2025-25001)

    Vulnerability from cvelistv5 – Published: 2025-04-04 00:00 – Updated: 2026-02-13 19:32
    VLAI
    Title
    Microsoft Edge for iOS Spoofing Vulnerability
    Summary
    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 132.0.2957.118 (custom)
    Create a notification for this product.
    Date Public
    2025-04-03 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-25001",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-04-04T14:39:21.141463Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-04T20:21:50.312Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "132.0.2957.118",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "132.0.2957.118",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-04-03T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Improper neutralization of input during web page generation (\u0027cross-site scripting\u0027) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:32:59.434Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Edge for iOS Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25001"
            }
          ],
          "title": "Microsoft Edge for iOS Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-25001",
        "datePublished": "2025-04-04T00:00:13.527Z",
        "dateReserved": "2025-01-30T15:14:20.993Z",
        "dateUpdated": "2026-02-13T19:32:59.434Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-21253 (GCVE-0-2025-21253)

    Vulnerability from cvelistv5 – Published: 2025-02-06 22:41 – Updated: 2026-02-13 19:44
    VLAI
    Title
    Microsoft Edge for IOS and Android Spoofing Vulnerability
    Summary
    Microsoft Edge for IOS and Android Spoofing Vulnerability
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-451 - User Interface (UI) Misrepresentation of Critical Information
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for Android Affected: 1.0.0 , < 133.0.3065.51 (custom)
    Create a notification for this product.
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 133.0.3065.51 (custom)
    Create a notification for this product.
    Date Public
    2025-02-06 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21253",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T16:02:37.230074Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-07T16:04:37.766Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Microsoft Edge for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "133.0.3065.51",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "133.0.3065.51",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "133.0.3065.51",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "133.0.3065.51",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2025-02-06T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Edge for IOS and Android Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-451",
                  "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-13T19:44:27.259Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Edge for IOS and Android Spoofing Vulnerability",
              "tags": [
                "vendor-advisory",
                "patch"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21253"
            }
          ],
          "title": "Microsoft Edge for IOS and Android Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2025-21253",
        "datePublished": "2025-02-06T22:41:33.947Z",
        "dateReserved": "2024-12-10T23:54:12.932Z",
        "dateUpdated": "2026-02-13T19:44:27.259Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-38083 (GCVE-0-2024-38083)

    Vulnerability from cvelistv5 – Published: 2024-06-13 19:24 – Updated: 2025-12-17 22:23
    VLAI
    Title
    Microsoft Edge (Chromium-based) Spoofing Vulnerability
    Summary
    Microsoft Edge (Chromium-based) Spoofing Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-449 - The UI Performs the Wrong Action
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 126.0.2592.56 (custom)
    Create a notification for this product.
    Microsoft Microsoft Edge for Android Affected: 1.0.0 , < 126.0.2592.56 (custom)
    Create a notification for this product.
    Date Public
    2024-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38083",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-18T14:11:06.776687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-18T14:11:13.100Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:04:25.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "126.0.2592.56",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Edge for Android",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "126.0.2592.56",
                  "status": "affected",
                  "version": "1.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "126.0.2592.56",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
                      "versionEndExcluding": "126.0.2592.56",
                      "versionStartIncluding": "1.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-449",
                  "description": "CWE-449: The UI Performs the Wrong Action",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-17T22:23:49.457Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Edge (Chromium-based) Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38083"
            }
          ],
          "title": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-38083",
        "datePublished": "2024-06-13T19:24:39.838Z",
        "dateReserved": "2024-06-11T22:36:08.182Z",
        "dateUpdated": "2025-12-17T22:23:49.457Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-30057 (GCVE-0-2024-30057)

    Vulnerability from cvelistv5 – Published: 2024-06-13 19:24 – Updated: 2025-12-17 22:23
    VLAI
    Title
    Microsoft Edge for iOS Spoofing Vulnerability
    Summary
    Microsoft Edge for iOS Spoofing Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-356 - Product UI does not Warn User of Unsafe Actions
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 126.0.2592.56 (custom)
    Create a notification for this product.
    Date Public
    2024-06-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-30057",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-06-14T18:20:31.602770Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-14T18:20:37.620Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T01:25:02.946Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft Edge for iOS Spoofing Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30057"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "126.0.2592.56",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "126.0.2592.56",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2024-06-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Edge for iOS Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-356",
                  "description": "CWE-356: Product UI does not Warn User of Unsafe Actions",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-17T22:23:48.293Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Edge for iOS Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30057"
            }
          ],
          "title": "Microsoft Edge for iOS Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2024-30057",
        "datePublished": "2024-06-13T19:24:38.694Z",
        "dateReserved": "2024-03-22T23:12:14.564Z",
        "dateUpdated": "2025-12-17T22:23:48.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-36883 (GCVE-0-2023-36883)

    Vulnerability from cvelistv5 – Published: 2023-07-14 17:54 – Updated: 2025-02-28 19:39
    VLAI
    Title
    Microsoft Edge for iOS Spoofing Vulnerability
    Summary
    Microsoft Edge for iOS Spoofing Vulnerability
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • Spoofing
    • CWE-290 - Authentication Bypass by Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 114.0.1823.82 (custom)
    Create a notification for this product.
    Date Public
    2023-07-13 07:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T17:01:09.687Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "Microsoft Edge for iOS Spoofing Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-36883",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-28T19:24:27.268801Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-290",
                    "description": "CWE-290 Authentication Bypass by Spoofing",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-28T19:39:14.133Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "114.0.1823.82",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "114.0.1823.82",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2023-07-13T07:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Edge for iOS Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-01T01:52:38.701Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Edge for iOS Spoofing Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36883"
            }
          ],
          "title": "Microsoft Edge for iOS Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2023-36883",
        "datePublished": "2023-07-14T17:54:33.168Z",
        "dateReserved": "2023-06-27T20:28:05.993Z",
        "dateUpdated": "2025-02-28T19:39:14.133Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-44708 (GCVE-0-2022-44708)

    Vulnerability from cvelistv5 – Published: 2022-12-13 00:00 – Updated: 2025-07-22 17:49
    VLAI
    Title
    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
    Summary
    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
    CWE
    • Elevation of Privilege
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 108.0.1462.42 (custom)
    Create a notification for this product.
    Microsoft Microsoft Edge (Chromium-based) Affected: 1.0.0.0 , < 108.0.1462.42 (custom)
    Create a notification for this product.
    Date Public
    2022-12-05 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T14:01:30.099Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44708"
              },
              {
                "name": "GLSA-202305-10",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202305-10"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202311-11"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "108.0.1462.42",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Edge (Chromium-based)",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "108.0.1462.42",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*",
                      "versionEndExcluding": "108.0.1462.42",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    },
                    {
                      "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
                      "versionEndExcluding": "108.0.1462.42",
                      "versionStartIncluding": "1.0.0.0",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "datePublic": "2022-12-05T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Elevation of Privilege",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-22T17:49:47.144Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44708"
            }
          ],
          "title": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2022-44708",
        "datePublished": "2022-12-13T00:00:00.000Z",
        "dateReserved": "2022-11-03T00:00:00.000Z",
        "dateUpdated": "2025-07-22T17:49:47.144Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43220 (GCVE-0-2021-43220)

    Vulnerability from cvelistv5 – Published: 2021-11-24 01:05 – Updated: 2024-08-04 03:55
    VLAI
    Title
    Microsoft Edge for iOS Spoofing Vulnerability
    Summary
    Microsoft Edge for iOS Spoofing Vulnerability
    CWE
    • Spoofing
    Assigner
    References
    Impacted products
    Vendor Product Version
    Microsoft Microsoft Edge for iOS Affected: 1.0.0.0 , < 96.0 1954.29 (custom)
        cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*
    Create a notification for this product.
    Date Public
    2021-11-19 08:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:55:27.021Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43220"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:microsoft:edge:*:*:*:*:*:iphone_os:*:*"
              ],
              "platforms": [
                "Unknown"
              ],
              "product": "Microsoft Edge for iOS",
              "vendor": "Microsoft",
              "versions": [
                {
                  "lessThan": "96.0 1954.29",
                  "status": "affected",
                  "version": "1.0.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2021-11-19T08:00:00.000Z",
          "descriptions": [
            {
              "lang": "en-US",
              "value": "Microsoft Edge for iOS Spoofing Vulnerability"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 3.1,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Spoofing",
                  "lang": "en-US",
                  "type": "Impact"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-29T14:47:49.728Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43220"
            }
          ],
          "title": "Microsoft Edge for iOS Spoofing Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2021-43220",
        "datePublished": "2021-11-24T01:05:15.000Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:55:27.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }