CVE-2026-24303
critical
9.6
9.6
microsoft
1mo ago
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
CVE-2026-41134
high
7.8
7.8
microsoft
1mo ago
Kiota: Code Generation Literal Injection
CVE-2026-40372
critical
9.1
9.1
microsoft
1mo ago
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-33116
high
7.5
7.5
rhel linux-kernel macos macos
microsoft
2mo ago
Important: .NET 10.0 security update
CVE-2026-32203
high
7.5
7.5
rhel linux-kernel macos macos
microsoft
2mo ago
Important: .NET 10.0 security update
CVE-2026-32178
high
7.5
7.5
rhel linux-kernel macos macos
microsoft
2mo ago
Important: .NET 10.0 security update
CVE-2026-26171
high
7.5
7.5
rhel linux-kernel macos macos
microsoft
2mo ago
Important: .NET 10.0 security update
CVE-2026-33822
medium
6.1
6.1
microsoft
2mo ago
Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-33120
high
8.8
8.8
microsoft
2mo ago
Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.
CVE-2026-33115
high
8.4
8.4
microsoft
2mo ago
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33114
high
8.4
8.4
microsoft
2mo ago
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33103
medium
5.5
5.5
microsoft
2mo ago
Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.
CVE-2026-33095
high
7.8
7.8
microsoft
2mo ago
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-32226
medium
5.9
5.9
windows windows
microsoft
2mo ago
Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-32200
high
7.8
7.8
microsoft
2mo ago
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-32199
high
7.8
7.8
microsoft
2mo ago
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32198
high
7.8
7.8
microsoft
2mo ago
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32197
high
7.8
7.8
microsoft
2mo ago
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32196
medium
6.1
6.1
microsoft
2mo ago
Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-32192
high
7.8
7.8
microsoft
2mo ago
Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32190
high
8.4
8.4
microsoft
2mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-32189
high
7.8
7.8
microsoft
2mo ago
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32188
high
7.1
7.1
microsoft
2mo ago
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-32184
high
7.8
7.8
microsoft
2mo ago
Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an authorized attacker to elevate privileges locally.
CVE-2026-32176
medium
6.7
6.7
microsoft
2mo ago
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-32171
high
8.8
8.8
microsoft
2mo ago
Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network.
CVE-2026-32168
high
7.8
7.8
microsoft
2mo ago
Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
CVE-2026-32167
medium
6.7
6.7
microsoft
2mo ago
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally.
CVE-2026-32157
high
8.8
8.8
FIX
windows windows
microsoft
2mo ago
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-26149
critical
9.0
9.0
microsoft
2mo ago
Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network.
CVE-2026-26143
high
7.8
7.8
microsoft
2mo ago
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-23666
high
7.5
7.5
windows windows
microsoft
2mo ago
Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-23657
high
7.8
7.8
microsoft
2mo ago
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-23653
medium
5.7
5.7
microsoft
2mo ago
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
CVE-2026-20945
medium
4.6
4.6
microsoft
2mo ago
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-32201
medium
6.5
8.0
KEV
microsoft
2mo ago
Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26134
high
7.8
7.8
microsoft
3mo ago
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-26110
high
7.8
7.8
microsoft
3mo ago
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-25180
medium
5.5
5.5
FIX
windows windows
microsoft
3mo ago
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.
CVE-2026-24285
high
7.0
7.0
FIX
windows windows
microsoft
3mo ago
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2025-62557
high
7.8
7.8
microsoft
6mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62554
high
7.8
7.8
microsoft
6mo ago
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62199
high
7.8
7.8
microsoft
7mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-60724
critical
9.8
9.8
FIX
windows windows
microsoft
7mo ago
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVE-2025-59234
high
7.8
7.8
microsoft
8mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-59227
high
7.8
7.8
microsoft
8mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-53799
medium
5.5
5.5
FIX
windows windows
microsoft
9mo ago
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
CVE-2025-53766
critical
9.8
9.8
FIX
windows windows
microsoft
10mo ago
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
CVE-2025-53732
high
7.8
7.8
microsoft
10mo ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49702
high
7.8
7.8
microsoft
11mo ago
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49697
high
8.4
8.4
microsoft
11mo ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49696
high
8.4
8.4
microsoft
11mo ago
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49695
high
8.4
8.4
microsoft
11mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47953
high
8.4
8.4
microsoft
1y ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47167
high
8.4
8.4
microsoft
1y ago
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47164
high
8.4
8.4
microsoft
1y ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47162
high
8.4
8.4
microsoft
1y ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-30388
high
7.8
7.8
FIX
windows windows
microsoft
1y ago
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2025-30386
high
7.8
7.8
microsoft
1y ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-26687
high
7.5
7.5
FIX
windows windows
microsoft
1y ago
Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-21402
high
7.8
7.8
microsoft
1y ago
Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2025-21361
high
7.8
7.8
microsoft
1y ago
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21338
high
7.8
7.8
FIX
windows windows
microsoft
1y ago
GDI+ Remote Code Execution Vulnerability
CVE-2024-38250
high
7.8
7.8
FIX
windows windows
microsoft
2y ago
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-30104
high
7.8
7.8
microsoft
2y ago
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-30103
high
8.8
8.8
microsoft
2y ago
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-30101
high
7.5
7.5
microsoft
2y ago
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-26257
high
7.8
7.8
microsoft
2y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-20673
high
7.8
7.8
microsoft
2y ago
Microsoft Office Remote Code Execution Vulnerability
CVE-2023-36009
medium
5.5
5.5
microsoft
3y ago
Microsoft Word Information Disclosure Vulnerability
CVE-2023-44487
high
7.5
10.0
KEV EXP FIX
rocky rhel debian debian
siemens ietf nghttp2
3y ago
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-36565
high
7.0
7.0
microsoft
3y ago
Microsoft Office Graphics Elevation of Privilege Vulnerability
CVE-2023-36897
medium
6.5
6.5
microsoft
3y ago
Visual Studio Tools for Office Runtime Spoofing Vulnerability
CVE-2023-33162
medium
5.5
5.5
microsoft
3y ago
Microsoft Excel Information Disclosure Vulnerability
CVE-2023-33161
high
7.8
7.8
microsoft
3y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-33158
high
7.8
7.8
microsoft
3y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-33153
high
8.8
8.8
microsoft
3y ago
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2023-33152
high
7.8
7.8
microsoft
3y ago
Microsoft ActiveX Remote Code Execution Vulnerability
CVE-2023-33151
medium
6.5
6.5
microsoft
3y ago
Microsoft Outlook Spoofing Vulnerability
CVE-2023-33150
critical
9.6
9.6
microsoft
3y ago
Microsoft Office Security Feature Bypass Vulnerability
CVE-2023-33149
high
7.8
7.8
microsoft
3y ago
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2023-33148
high
7.8
8.8
EXP
microsoft
3y ago
Microsoft Office Elevation of Privilege Vulnerability
CVE-2023-29335
high
7.5
7.5
windows windows
microsoft
3y ago
Microsoft Word Security Feature Bypass Vulnerability
CVE-2023-23398
high
7.1
7.1
microsoft
3y ago
Microsoft Excel Spoofing Vulnerability
CVE-2023-23391
medium
5.5
5.5
microsoft
3y ago
Office for Android Spoofing Vulnerability
CVE-2022-44696
high
7.8
7.8
microsoft
4y ago
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-44695
high
7.8
7.8
microsoft
4y ago
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-44694
high
7.8
7.8
microsoft
4y ago
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-44702
high
7.8
7.8
windows windows
microsoft
4y ago
Windows Terminal Remote Code Execution Vulnerability
CVE-2022-41107
high
7.8
7.8
microsoft
4y ago
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-41106
high
8.8
8.8
microsoft
4y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-41105
medium
5.5
5.5
microsoft
4y ago
Microsoft Excel Information Disclosure Vulnerability
CVE-2022-41104
medium
5.5
5.5
microsoft
4y ago
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2022-41103
medium
5.5
5.5
microsoft
4y ago
Microsoft Word Information Disclosure Vulnerability
CVE-2022-41063
high
7.8
7.8
microsoft
4y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-41061
high
7.8
7.8
microsoft
4y ago
Microsoft Word Remote Code Execution Vulnerability
CVE-2022-41060
medium
5.5
5.5
microsoft
4y ago
Microsoft Word Information Disclosure Vulnerability
CVE-2022-38013
high
7.5
7.5
rhel rocky fedora fedora
microsoft
4y ago
RHSA-2022:6539: .NET 6.0 security and bugfix update (Moderate)
CVE-2022-29109
high
7.8
7.8
microsoft
4y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-29107
medium
5.5
5.5
microsoft
4y ago
Microsoft Office Security Feature Bypass Vulnerability