CVE-2026-32157 high 8.8
8.8
FIX windows microsoft 2mo ago
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-26143 high 7.8
7.8
microsoft 2mo ago
Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally.
CVE-2026-23666 high 7.5
7.5
windows microsoft 2mo ago
Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.
CVE-2026-23657 high 7.8
7.8
microsoft 2mo ago
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-23653 medium 5.7
5.7
microsoft 2mo ago
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network.
CVE-2026-20945 medium 4.6
4.6
microsoft 2mo ago
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-32201 medium 6.5
8.0
KEV microsoft 2mo ago
Microsoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26134 high 7.8
7.8
microsoft 3mo ago
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-26110 high 7.8
7.8
microsoft 3mo ago
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-25180 medium 5.5
5.5
FIX windows microsoft 3mo ago
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.
CVE-2026-24285 high 7.0
7.0
FIX windows microsoft 3mo ago
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
CVE-2025-62557 high 7.8
7.8
microsoft 6mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62554 high 7.8
7.8
microsoft 6mo ago
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62199 high 7.8
7.8
microsoft 7mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-59234 high 7.8
7.8
microsoft 8mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-59227 high 7.8
7.8
microsoft 8mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-53799 medium 5.5
5.5
FIX windows microsoft 9mo ago
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
CVE-2025-53732 high 7.8
7.8
microsoft 10mo ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49702 high 7.8
7.8
microsoft 11mo ago
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49697 high 8.4
8.4
microsoft 11mo ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49696 high 8.4
8.4
microsoft 11mo ago
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49695 high 8.4
8.4
microsoft 11mo ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47953 high 8.4
8.4
microsoft 1y ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47167 high 8.4
8.4
microsoft 1y ago
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47164 high 8.4
8.4
microsoft 1y ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47162 high 8.4
8.4
microsoft 1y ago
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-30388 high 7.8
7.8
FIX windows microsoft 1y ago
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2025-30386 high 7.8
7.8
microsoft 1y ago
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-26687 high 7.5
7.5
FIX windows microsoft 1y ago
Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
CVE-2025-21402 high 7.8
7.8
microsoft 1y ago
Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2025-21361 high 7.8
7.8
microsoft 1y ago
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-21338 high 7.8
7.8
FIX windows microsoft 1y ago
GDI+ Remote Code Execution Vulnerability
CVE-2024-38250 high 7.8
7.8
FIX windows microsoft 2y ago
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2024-30104 high 7.8
7.8
microsoft 2y ago
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-30103 high 8.8
8.8
microsoft 2y ago
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2024-30101 high 7.5
7.5
microsoft 2y ago
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-26257 high 7.8
7.8
microsoft 2y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2024-20673 high 7.8
7.8
microsoft 2y ago
Microsoft Office Remote Code Execution Vulnerability
CVE-2023-36009 medium 5.5
5.5
microsoft 3y ago
Microsoft Word Information Disclosure Vulnerability
CVE-2023-44487 high 7.5
10.0
KEV EXP FIX rocky rhel debian siemens ietf nghttp2 3y ago
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2023-36565 high 7.0
7.0
microsoft 3y ago
Microsoft Office Graphics Elevation of Privilege Vulnerability
CVE-2023-36897 medium 6.5
6.5
microsoft 3y ago
Visual Studio Tools for Office Runtime Spoofing Vulnerability
CVE-2023-33162 medium 5.5
5.5
microsoft 3y ago
Microsoft Excel Information Disclosure Vulnerability
CVE-2023-33161 high 7.8
7.8
microsoft 3y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-33158 high 7.8
7.8
microsoft 3y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2023-33153 high 8.8
8.8
microsoft 3y ago
Microsoft Outlook Remote Code Execution Vulnerability
CVE-2023-33152 high 7.8
7.8
microsoft 3y ago
Microsoft ActiveX Remote Code Execution Vulnerability
CVE-2023-33151 medium 6.5
6.5
microsoft 3y ago
Microsoft Outlook Spoofing Vulnerability
CVE-2023-33149 high 7.8
7.8
microsoft 3y ago
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2023-33148 high 7.8
8.8
EXP microsoft 3y ago
Microsoft Office Elevation of Privilege Vulnerability
CVE-2023-29335 high 7.5
7.5
windows microsoft 3y ago
Microsoft Word Security Feature Bypass Vulnerability
CVE-2023-29333 low 3.3
3.3
microsoft 3y ago
Microsoft Access Denial of Service Vulnerability
CVE-2023-23398 high 7.1
7.1
microsoft 3y ago
Microsoft Excel Spoofing Vulnerability
CVE-2023-23391 medium 5.5
5.5
microsoft 3y ago
Office for Android Spoofing Vulnerability
CVE-2022-44696 high 7.8
7.8
microsoft 4y ago
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-44695 high 7.8
7.8
microsoft 4y ago
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-44694 high 7.8
7.8
microsoft 4y ago
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-44702 high 7.8
7.8
windows microsoft 4y ago
Windows Terminal Remote Code Execution Vulnerability
CVE-2022-41107 high 7.8
7.8
microsoft 4y ago
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-41106 high 8.8
8.8
microsoft 4y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-41105 medium 5.5
5.5
microsoft 4y ago
Microsoft Excel Information Disclosure Vulnerability
CVE-2022-41104 medium 5.5
5.5
microsoft 4y ago
Microsoft Excel Security Feature Bypass Vulnerability
CVE-2022-41103 medium 5.5
5.5
microsoft 4y ago
Microsoft Word Information Disclosure Vulnerability
CVE-2022-41063 high 7.8
7.8
microsoft 4y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-41061 high 7.8
7.8
microsoft 4y ago
Microsoft Word Remote Code Execution Vulnerability
CVE-2022-41060 medium 5.5
5.5
microsoft 4y ago
Microsoft Word Information Disclosure Vulnerability
CVE-2022-38013 high 7.5
7.5
rhel rocky fedora microsoft 4y ago
RHSA-2022:6539: .NET 6.0 security and bugfix update (Moderate)
CVE-2022-29109 high 7.8
7.8
microsoft 4y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-29107 medium 5.5
5.5
microsoft 4y ago
Microsoft Office Security Feature Bypass Vulnerability
CVE-2022-26934 medium 6.5
6.5
windows microsoft 4y ago
Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-29145 high 7.5
7.5
rhel sles rocky microsoft 4y ago
RHSA-2022:2202: .NET Core 3.1 security, bug fix, and enhancement update (Important)
CVE-2022-29117 high 7.5
7.5
rhel sles rocky microsoft 4y ago
RHSA-2022:2202: .NET Core 3.1 security, bug fix, and enhancement update (Important)
CVE-2022-26901 high 7.8
7.8
microsoft 4y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-24473 high 7.8
7.8
microsoft 4y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-24511 medium 5.5
5.5
microsoft 4y ago
Microsoft Office Word Tampering Vulnerability
CVE-2022-24510 high 7.8
7.8
microsoft 4y ago
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-24509 high 7.8
7.8
microsoft 4y ago
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-24462 medium 5.5
5.5
microsoft 4y ago
Microsoft Word Security Feature Bypass Vulnerability
CVE-2022-24461 high 7.8
7.8
microsoft 4y ago
Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-24512 medium 6.3
6.3
rocky fedora rhel microsoft 4y ago
RHSA-2022:0830: .NET 5.0 security and bugfix update (Important)
CVE-2022-24501 high 7.8
7.8
microsoft 4y ago
VP9 Video Extensions Remote Code Execution Vulnerability
CVE-2022-24464 high 7.5
7.5
rocky fedora rhel microsoft 4y ago
RHSA-2022:0830: .NET 5.0 security and bugfix update (Important)
CVE-2022-24457 high 7.8
7.8
microsoft 4y ago
HEIF Image Extensions Remote Code Execution Vulnerability
CVE-2022-24451 high 7.8
7.8
microsoft 4y ago
VP9 Video Extensions Remote Code Execution Vulnerability
CVE-2022-23282 high 7.8
7.8
microsoft 4y ago
Paint 3D Remote Code Execution Vulnerability
CVE-2022-22709 high 7.8
7.8
microsoft 4y ago
VP9 Video Extensions Remote Code Execution Vulnerability
CVE-2022-21841 high 7.8
7.8
microsoft 5y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-21840 high 8.8
8.8
microsoft 5y ago
Microsoft Office Remote Code Execution Vulnerability
CVE-2021-43875 high 7.8
7.8
microsoft 5y ago
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2021-43256 high 7.8
7.8
microsoft 5y ago
Microsoft Excel Remote Code Execution Vulnerability
CVE-2021-43255 medium 5.5
5.5
microsoft 5y ago
Microsoft Office Trust Center Spoofing Vulnerability
CVE-2021-42295 medium 5.5
5.5
microsoft 5y ago
Visual Basic for Applications Information Disclosure Vulnerability
CVE-2021-42293 medium 6.5
6.5
microsoft 5y ago
Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability
CVE-2021-42296 high 7.8
7.8
microsoft 5y ago
Microsoft Word Remote Code Execution Vulnerability
CVE-2020-17091 high 7.8
7.8
microsoft 6y ago
Microsoft Teams Remote Code Execution Vulnerability
CVE-2020-17003 high 7.8
7.8
microsoft 6y ago
<p>A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.</p>
<p>An attacker who successfully exploited the vulnerability would gain execution on a v…
CVE-2020-16918 high 7.8
7.8
microsoft 6y ago
<p>A remote code execution vulnerability exists when the Base3D rendering engine improperly handles memory.</p>
<p>An attacker who successfully exploited the vulnerability would gain execution on a v…
CVE-2018-3639 medium 5.5
6.5
EXP FIX sles debian rhel intel arm redhat 8y ago
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of i…
CVE-2017-11939 medium 6.5
6.5
microsoft 9y ago
Microsoft Office 2016 Click-to-Run (C2R) allows an information disclosure vulnerability due to the way Microsoft Office enforces DRM copy/paste permissions, aka "Microsoft Office Information Disclosu…
CVE-2017-11936 high 8.8
8.8
microsoft 9y ago
Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".
