Microsoft vulnerabilities

Showing 1 - 50 of 1.4K CVEs

  1. CVE-2026-32201 Published Apr 14, 2026

    Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

  2. CVE-2026-33118 Published Apr 10, 2026

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

  3. CVE-2026-26133 Published Mar 16, 2026

    AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  4. CVE-2026-0385 Published Mar 16, 2026

    Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

  5. CVE-2026-26134 Published Mar 10, 2026

    Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.

  6. CVE-2026-26114 Published Mar 10, 2026

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  7. CVE-2026-26113 Published Mar 10, 2026

    Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

  8. CVE-2026-26112 Published Mar 10, 2026

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  9. CVE-2026-26110 Published Mar 10, 2026

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  10. CVE-2026-26109 Published Mar 10, 2026

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  11. CVE-2026-26108 Published Mar 10, 2026

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  12. CVE-2026-26107 Published Mar 10, 2026

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  13. CVE-2026-26106 Published Mar 10, 2026

    Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  14. CVE-2026-26105 Published Mar 10, 2026

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

  15. CVE-2026-25180 Published Mar 10, 2026

    Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.

  16. CVE-2026-24285 Published Mar 10, 2026

    Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.

  17. CVE-2026-21535 Published Feb 19, 2026

    Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.

  18. CVE-2026-0102 Published Feb 17, 2026

    Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.

  19. CVE-2026-21527 Published Feb 10, 2026

    User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  20. CVE-2026-21511 Published Feb 10, 2026

    Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

  21. CVE-2026-21261 Published Feb 10, 2026

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

  22. CVE-2026-21260 Published Feb 10, 2026

    Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

  23. CVE-2026-21259 Published Feb 10, 2026

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.

  24. CVE-2026-21258 Published Feb 10, 2026

    Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

  25. CVE-2026-0391 Published Feb 5, 2026

    User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

  26. CVE-2026-21509 Published Jan 26, 2026

    Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

  27. CVE-2026-21223 Published Jan 16, 2026

    Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

  28. CVE-2026-20963 Published Jan 13, 2026

    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

  29. CVE-2026-20959 Published Jan 13, 2026

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  30. CVE-2026-20958 Published Jan 13, 2026

    Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

  31. CVE-2026-20957 Published Jan 13, 2026

    Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  32. CVE-2026-20955 Published Jan 13, 2026

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  33. CVE-2026-20953 Published Jan 13, 2026

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  34. CVE-2026-20952 Published Jan 13, 2026

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  35. CVE-2026-20951 Published Jan 13, 2026

    Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

  36. CVE-2026-20950 Published Jan 13, 2026

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  37. CVE-2026-20948 Published Jan 13, 2026

    Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  38. CVE-2026-20947 Published Jan 13, 2026

    Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  39. CVE-2026-20946 Published Jan 13, 2026

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  40. CVE-2026-20943 Published Jan 13, 2026

    Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

  41. CVE-2025-65046 Published Dec 18, 2025

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

  42. CVE-2025-14174 Published Dec 12, 2025

    Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  43. CVE-2025-64672 Published Dec 9, 2025

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  44. CVE-2025-64667 Published Dec 9, 2025

    User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  45. CVE-2025-64666 Published Dec 9, 2025

    Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

  46. CVE-2025-62564 Published Dec 9, 2025

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  47. CVE-2025-62563 Published Dec 9, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  48. CVE-2025-62562 Published Dec 9, 2025

    Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

  49. CVE-2025-62561 Published Dec 9, 2025

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  50. CVE-2025-62560 Published Dec 9, 2025

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.