Microsoft vulnerabilities

Showing 1 - 50 of 2.3K CVEs

  1. CVE-2026-47294 Published Jun 1, 2026

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  2. CVE-2026-45659 Published May 22, 2026

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  3. CVE-2026-45495 Published May 18, 2026

    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

  4. CVE-2026-45494 Published May 18, 2026

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

  5. CVE-2026-45492 Published May 18, 2026

    Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

  6. CVE-2026-42897 Published May 14, 2026

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  7. CVE-2026-42891 Published May 12, 2026

    User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

  8. CVE-2026-42838 Published May 12, 2026

    Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network.

  9. CVE-2026-42832 Published May 12, 2026

    Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.

  10. CVE-2026-42831 Published May 12, 2026

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  11. CVE-2026-41107 Published May 12, 2026

    External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

  12. CVE-2026-40421 Published May 12, 2026

    Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

  13. CVE-2026-40420 Published May 12, 2026

    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

  14. CVE-2026-40419 Published May 12, 2026

    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

  15. CVE-2026-40418 Published May 12, 2026

    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

  16. CVE-2026-40416 Published May 12, 2026

    User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

  17. CVE-2026-40368 Published May 12, 2026

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  18. CVE-2026-40367 Published May 12, 2026

    Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  19. CVE-2026-40366 Published May 12, 2026

    Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  20. CVE-2026-40365 Published May 12, 2026

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  21. CVE-2026-40364 Published May 12, 2026

    Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  22. CVE-2026-40363 Published May 12, 2026

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  23. CVE-2026-40362 Published May 12, 2026

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  24. CVE-2026-40361 Published May 12, 2026

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  25. CVE-2026-40360 Published May 12, 2026

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

  26. CVE-2026-40359 Published May 12, 2026

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  27. CVE-2026-40358 Published May 12, 2026

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  28. CVE-2026-40357 Published May 12, 2026

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  29. CVE-2026-35440 Published May 12, 2026

    Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

  30. CVE-2026-35439 Published May 12, 2026

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  31. CVE-2026-35436 Published May 12, 2026

    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

  32. CVE-2026-33112 Published May 12, 2026

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  33. CVE-2026-33110 Published May 12, 2026

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  34. CVE-2026-32185 Published May 12, 2026

    Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.

  35. CVE-2026-33823 Published May 7, 2026

    Improper authorization in Microsoft Teams allows an authorized attacker to disclose information over a network.

  36. CVE-2026-33116 Published Apr 14, 2026

    Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.

  37. CVE-2026-32226 Published Apr 14, 2026

    Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.

  38. CVE-2026-32201 Published Apr 14, 2026

    Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

  39. CVE-2026-32200 Published Apr 14, 2026

    Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

  40. CVE-2026-32199 Published Apr 14, 2026

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  41. CVE-2026-32198 Published Apr 14, 2026

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  42. CVE-2026-32197 Published Apr 14, 2026

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  43. CVE-2026-32190 Published Apr 14, 2026

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  44. CVE-2026-32189 Published Apr 14, 2026

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  45. CVE-2026-32188 Published Apr 14, 2026

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

  46. CVE-2026-23666 Published Apr 14, 2026

    Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network.

  47. CVE-2026-20945 Published Apr 14, 2026

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  48. CVE-2026-33118 Published Apr 10, 2026

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

  49. CVE-2026-26133 Published Mar 16, 2026

    AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  50. CVE-2026-0385 Published Mar 16, 2026

    Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability