Office
by Microsoft
CVEs (1,071)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32184 | Hig | 0.51 | 7.8 | 0.02 | Apr 14, 2026 | Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32164 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32153 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32090 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-32089 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally. | ||
| CVE-2026-26134 | Hig | 0.51 | 7.8 | 0.00 | Mar 10, 2026 | Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||
| CVE-2025-62199 | Hig | 0.51 | 7.8 | 0.01 | Nov 11, 2025 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-59234 | Hig | 0.51 | 7.8 | 0.01 | Oct 14, 2025 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-59227 | Hig | 0.51 | 7.8 | 0.00 | Oct 14, 2025 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-53732 | Hig | 0.51 | 7.8 | 0.00 | Aug 12, 2025 | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-49702 | Hig | 0.51 | 7.8 | 0.01 | Jul 8, 2025 | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-30388 | Hig | 0.51 | 7.8 | 0.03 | May 13, 2025 | Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-21402 | Hig | 0.51 | 7.8 | 0.01 | Jan 14, 2025 | Microsoft Office OneNote Remote Code Execution Vulnerability | ||
| CVE-2025-21361 | Hig | 0.51 | 7.8 | 0.01 | Jan 14, 2025 | Microsoft Outlook Remote Code Execution Vulnerability | ||
| CVE-2025-21338 | Hig | 0.51 | 7.8 | 0.00 | Jan 14, 2025 | GDI+ Remote Code Execution Vulnerability | ||
| CVE-2024-38250 | Hig | 0.51 | 7.8 | 0.01 | Sep 10, 2024 | Windows Graphics Component Elevation of Privilege Vulnerability | ||
| CVE-2024-30104 | Hig | 0.51 | 7.8 | 0.02 | Jun 11, 2024 | Microsoft Office Remote Code Execution Vulnerability | ||
| CVE-2024-20673 | Hig | 0.51 | 7.8 | 0.01 | Feb 13, 2024 | Microsoft Office Remote Code Execution Vulnerability | ||
| CVE-2024-20677 | Hig | 0.51 | 7.8 | 0.03 | Jan 9, 2024 | A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no… | ||
| CVE-2023-36045 | Hig | 0.51 | 7.8 | 0.01 | Nov 14, 2023 | Microsoft Office Graphics Remote Code Execution Vulnerability |
- risk 0.51cvss 7.8epss 0.02
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows User Interface Core allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Windows Speech allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.00
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
- risk 0.51cvss 7.8epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.03
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Microsoft Office OneNote Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Microsoft Outlook Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.00
GDI+ Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Windows Graphics Component Elevation of Privilege Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Office Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Microsoft Office Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no…
- risk 0.51cvss 7.8epss 0.01
Microsoft Office Graphics Remote Code Execution Vulnerability
Page 13 of 54