Microsoft vulnerabilities

Showing 1 - 50 of 579 CVEs

  1. CVE-2026-21535 Published Feb 19, 2026

    Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.

  2. CVE-2026-0102 Published Feb 17, 2026

    Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.

  3. CVE-2026-21527 Published Feb 10, 2026

    User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  4. CVE-2026-21511 Published Feb 10, 2026

    Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

  5. CVE-2026-21261 Published Feb 10, 2026

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

  6. CVE-2026-21260 Published Feb 10, 2026

    Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

  7. CVE-2026-21259 Published Feb 10, 2026

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.

  8. CVE-2026-21258 Published Feb 10, 2026

    Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

  9. CVE-2026-0391 Published Feb 5, 2026

    User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

  10. CVE-2026-21509 Published Jan 26, 2026

    Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

  11. CVE-2026-21223 Published Jan 16, 2026

    Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

  12. CVE-2026-20963 Published Jan 13, 2026

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  13. CVE-2026-20959 Published Jan 13, 2026

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  14. CVE-2026-20958 Published Jan 13, 2026

    Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

  15. CVE-2026-20957 Published Jan 13, 2026

    Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  16. CVE-2026-20955 Published Jan 13, 2026

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  17. CVE-2026-20953 Published Jan 13, 2026

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  18. CVE-2026-20952 Published Jan 13, 2026

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  19. CVE-2026-20951 Published Jan 13, 2026

    Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

  20. CVE-2026-20950 Published Jan 13, 2026

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  21. CVE-2026-20948 Published Jan 13, 2026

    Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  22. CVE-2026-20947 Published Jan 13, 2026

    Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  23. CVE-2026-20946 Published Jan 13, 2026

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  24. CVE-2026-20943 Published Jan 13, 2026

    Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

  25. CVE-2025-65046 Published Dec 18, 2025

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

  26. CVE-2025-14174 Published Dec 12, 2025

    Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  27. CVE-2025-64672 Published Dec 9, 2025

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  28. CVE-2025-64667 Published Dec 9, 2025

    User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  29. CVE-2025-64666 Published Dec 9, 2025

    Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

  30. CVE-2025-62564 Published Dec 9, 2025

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  31. CVE-2025-62563 Published Dec 9, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  32. CVE-2025-62562 Published Dec 9, 2025

    Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

  33. CVE-2025-62561 Published Dec 9, 2025

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  34. CVE-2025-62560 Published Dec 9, 2025

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  35. CVE-2025-62559 Published Dec 9, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  36. CVE-2025-62558 Published Dec 9, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  37. CVE-2025-62557 Published Dec 9, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  38. CVE-2025-62556 Published Dec 9, 2025

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  39. CVE-2025-62555 Published Dec 9, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  40. CVE-2025-62554 Published Dec 9, 2025

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  41. CVE-2025-62553 Published Dec 9, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  42. CVE-2025-62552 Published Dec 9, 2025

    Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally.

  43. CVE-2025-62223 Published Dec 5, 2025

    User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

  44. CVE-2025-62204 Published Nov 11, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  45. CVE-2025-62203 Published Nov 11, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  46. CVE-2025-62202 Published Nov 11, 2025

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

  47. CVE-2025-62201 Published Nov 11, 2025

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  48. CVE-2025-62200 Published Nov 11, 2025

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  49. CVE-2025-62199 Published Nov 11, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  50. CVE-2025-60727 Published Nov 11, 2025

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.