Office Online Server
by Microsoft
CVEs (185)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40360 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-40359 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32199 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32198 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32197 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32189 | Hig | 0.51 | 7.8 | 0.00 | Apr 14, 2026 | Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2022-41063 | Hig | 0.51 | 7.8 | 0.01 | Nov 9, 2022 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2022-41061 | Hig | 0.51 | 7.8 | 0.01 | Nov 9, 2022 | Microsoft Word Remote Code Execution Vulnerability | ||
| CVE-2022-29109 | Hig | 0.51 | 7.8 | 0.03 | May 10, 2022 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2022-26901 | Hig | 0.51 | 7.8 | 0.03 | Apr 15, 2022 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2021-43256 | Hig | 0.51 | 7.8 | 0.02 | Dec 15, 2021 | Microsoft Excel Remote Code Execution Vulnerability | ||
| CVE-2016-0025 | Hig | 0.49 | 7.3 | 0.17 | Jun 16, 2016 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint… | ||
| CVE-2026-44818 | Hig | 0.46 | 7.0 | 0.00 | Jun 9, 2026 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||
| CVE-2026-32188 | Hig | 0.46 | 7.1 | 0.00 | Apr 14, 2026 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||
| CVE-2023-33162 | Med | 0.36 | 5.5 | 0.01 | Jul 11, 2023 | Microsoft Excel Information Disclosure Vulnerability | ||
| CVE-2022-41103 | Med | 0.36 | 5.5 | 0.01 | Nov 9, 2022 | Microsoft Word Information Disclosure Vulnerability | ||
| CVE-2022-41060 | Med | 0.36 | 5.5 | 0.01 | Nov 9, 2022 | Microsoft Word Information Disclosure Vulnerability | ||
| CVE-2018-8247 | Med | 0.35 | 5.4 | 0.03 | Jun 14, 2018 | An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID… | ||
| CVE-2017-0195 | Med | 0.35 | 5.4 | 0.04 | Apr 12, 2017 | Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run… | ||
| CVE-2023-21716 | 0.07 | — | 0.82 | Feb 14, 2023 | Microsoft Word Remote Code Execution Vulnerability |
- risk 0.51cvss 7.8epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.00
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.51cvss 7.8epss 0.01
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Microsoft Word Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.03
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.02
Microsoft Excel Remote Code Execution Vulnerability
- risk 0.49cvss 7.3epss 0.17
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint…
- risk 0.46cvss 7.0epss 0.00
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.1epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- risk 0.36cvss 5.5epss 0.01
Microsoft Excel Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Microsoft Word Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.01
Microsoft Word Information Disclosure Vulnerability
- risk 0.35cvss 5.4epss 0.03
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. This CVE ID…
- risk 0.35cvss 5.4epss 0.04
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run…
- CVE-2023-21716Feb 14, 2023risk 0.07cvss —epss 0.82
Microsoft Word Remote Code Execution Vulnerability
Page 2 of 10