Filtered by vendor Microsoft
Subscriptions
Filtered by product 365 Apps
Subscriptions
Total
447 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20955 | 1 Microsoft | 9 365 Apps, Office, Office 2019 and 6 more | 2026-02-26 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-20956 | 1 Microsoft | 6 365 Apps, Office 2021, Office 2024 and 3 more | 2026-02-26 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-20948 | 1 Microsoft | 13 365 Apps, Office, Office 2019 and 10 more | 2026-02-26 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-20949 | 1 Microsoft | 6 365 Apps, Office 2021, Office 2024 and 3 more | 2026-02-26 | 7.8 High |
| Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-20950 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-20952 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-02-26 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-20957 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-02-26 | 7.8 High |
| Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2020-1583 | 1 Microsoft | 8 365 Apps, Excel, Office and 5 more | 2026-02-23 | 8.8 High |
| An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data. To exploit the vulnerability, an attacker could craft a special document file and then convince the user to open it. An attacker must know the memory address location where the object was created. The update addresses the vulnerability by changing the way certain Word functions handle objects in memory. | ||||
| CVE-2020-1493 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2026-02-23 | 5.5 Medium |
| An information disclosure vulnerability exists when attaching files to Outlook messages. This vulnerability could potentially allow users to share attached files such that they are accessible by anonymous users where they should be restricted to specific users. To exploit this vulnerability, an attacker would have to attach a file as a link to an email. The email could then be shared with individuals that should not have access to the files, ignoring the default organizational setting. The security update addresses the vulnerability by correcting how Outlook handles file attachment links. | ||||
| CVE-2020-16933 | 1 Microsoft | 11 365 Apps, Office, Windows 10 and 8 more | 2026-02-23 | 7 High |
| <p>A security feature bypass vulnerability exists in Microsoft Word software when it fails to properly handle .LNK files. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the file could then take actions on behalf of the logged-on user with the same permissions as the current user.</p> <p>To exploit the vulnerability, a user must open a specially crafted file with an affected version of Microsoft Word software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Word handles these files.</p> | ||||
| CVE-2025-59232 | 1 Microsoft | 19 365, 365 Apps, Access and 16 more | 2026-02-22 | 7.1 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-59229 | 1 Microsoft | 5 365, 365 Apps, Office and 2 more | 2026-02-22 | 5.5 Medium |
| Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally. | ||||
| CVE-2025-59224 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2026-02-22 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-59235 | 1 Microsoft | 19 365, 365 Apps, Access and 16 more | 2026-02-22 | 7.1 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-21509 | 1 Microsoft | 7 365 Apps, Office, Office 2016 and 4 more | 2026-02-22 | 7.8 High |
| Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2025-47174 | 1 Microsoft | 8 365 Apps, Excel, Office and 5 more | 2026-02-20 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-47167 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-02-20 | 8.4 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-47164 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-02-20 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54901 | 1 Microsoft | 14 365, 365 Apps, Excel and 11 more | 2026-02-20 | 5.5 Medium |
| Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-32717 | 1 Microsoft | 5 365 Apps, Office, Office 365 and 2 more | 2026-02-20 | 8.4 High |
| Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||