Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-atn9-g7ky-1bex
Vulnerability ID VCID-atn9-g7ky-1bex
Aliases CVE-2019-1428
Summary Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-787 Out-of-bounds Write
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.06916 https://api.first.org/data/v1/epss?cve=CVE-2019-1428
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2019-1428
CVE-2019-1428 https://nvd.nist.gov/vuln/detail/CVE-2019-1428
CVE-2019-1428 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1428
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.91557
EPSS Score 0.06916
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:19:39.158657+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.ChakraCore/CVE-2019-1428.yml 38.6.0