Office
by Microsoft
CVEs (1,071)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-26108 | 0.00 | — | 0.00 | Mar 10, 2026 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-26107 | 0.00 | — | 0.00 | Mar 10, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-26113 | 0.00 | — | 0.01 | Mar 10, 2026 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-26112 | 0.00 | — | 0.00 | Mar 10, 2026 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20846 | 0.00 | — | 0.01 | Feb 10, 2026 | Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. | |||
| CVE-2026-21261 | 0.00 | — | 0.01 | Feb 10, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-21511 | 0.00 | — | 0.04 | Feb 10, 2026 | Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-21260 | 0.00 | — | 0.01 | Feb 10, 2026 | Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-21258 | 0.00 | — | 0.01 | Feb 10, 2026 | Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-21259 | 0.00 | — | 0.01 | Feb 10, 2026 | Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally. | |||
| CVE-2026-20957 | 0.00 | — | 0.00 | Jan 13, 2026 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20952 | 0.00 | — | 0.01 | Jan 13, 2026 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20950 | 0.00 | — | 0.00 | Jan 13, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20949 | 0.00 | — | 0.00 | Jan 13, 2026 | Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally. | |||
| CVE-2026-20948 | 0.00 | — | 0.01 | Jan 13, 2026 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20956 | 0.00 | — | 0.00 | Jan 13, 2026 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20955 | 0.00 | — | 0.01 | Jan 13, 2026 | Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20953 | 0.00 | — | 0.01 | Jan 13, 2026 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20946 | 0.00 | — | 0.01 | Jan 13, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20943 | 0.00 | — | 0.01 | Jan 13, 2026 | Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. |
- CVE-2026-26108Mar 10, 2026risk 0.00cvss —epss 0.00
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-26107Mar 10, 2026risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-26113Mar 10, 2026risk 0.00cvss —epss 0.01
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-26112Mar 10, 2026risk 0.00cvss —epss 0.00
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-20846Feb 10, 2026risk 0.00cvss —epss 0.01
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.
- CVE-2026-21261Feb 10, 2026risk 0.00cvss —epss 0.01
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- CVE-2026-21511Feb 10, 2026risk 0.00cvss —epss 0.04
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-21260Feb 10, 2026risk 0.00cvss —epss 0.01
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-21258Feb 10, 2026risk 0.00cvss —epss 0.01
Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- CVE-2026-21259Feb 10, 2026risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.
- CVE-2026-20957Jan 13, 2026risk 0.00cvss —epss 0.00
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-20952Jan 13, 2026risk 0.00cvss —epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-20950Jan 13, 2026risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-20949Jan 13, 2026risk 0.00cvss —epss 0.00
Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
- CVE-2026-20948Jan 13, 2026risk 0.00cvss —epss 0.01
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2026-20956Jan 13, 2026risk 0.00cvss —epss 0.00
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-20955Jan 13, 2026risk 0.00cvss —epss 0.01
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-20953Jan 13, 2026risk 0.00cvss —epss 0.01
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-20946Jan 13, 2026risk 0.00cvss —epss 0.01
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- CVE-2026-20943Jan 13, 2026risk 0.00cvss —epss 0.01
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
Page 45 of 54