Microsoft vulnerabilities

Showing 51 - 100 of 2.2K CVEs

  1. CVE-2026-21509 Published Jan 26, 2026

    Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

  2. CVE-2026-21223 Published Jan 16, 2026

    Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

  3. CVE-2026-20963 Published Jan 13, 2026

    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

  4. CVE-2026-20959 Published Jan 13, 2026

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  5. CVE-2026-20958 Published Jan 13, 2026

    Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

  6. CVE-2026-20957 Published Jan 13, 2026

    Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  7. CVE-2026-20955 Published Jan 13, 2026

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  8. CVE-2026-20953 Published Jan 13, 2026

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  9. CVE-2026-20952 Published Jan 13, 2026

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  10. CVE-2026-20951 Published Jan 13, 2026

    Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

  11. CVE-2026-20950 Published Jan 13, 2026

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  12. CVE-2026-20948 Published Jan 13, 2026

    Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  13. CVE-2026-20947 Published Jan 13, 2026

    Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  14. CVE-2026-20946 Published Jan 13, 2026

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  15. CVE-2026-20943 Published Jan 13, 2026

    Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.

  16. CVE-2025-65046 Published Dec 18, 2025

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

  17. CVE-2025-14174 Published Dec 12, 2025

    Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  18. CVE-2025-64672 Published Dec 9, 2025

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  19. CVE-2025-64667 Published Dec 9, 2025

    User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  20. CVE-2025-64666 Published Dec 9, 2025

    Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

  21. CVE-2025-62564 Published Dec 9, 2025

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  22. CVE-2025-62563 Published Dec 9, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  23. CVE-2025-62562 Published Dec 9, 2025

    Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

  24. CVE-2025-62561 Published Dec 9, 2025

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  25. CVE-2025-62560 Published Dec 9, 2025

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  26. CVE-2025-62559 Published Dec 9, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  27. CVE-2025-62558 Published Dec 9, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  28. CVE-2025-62557 Published Dec 9, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  29. CVE-2025-62556 Published Dec 9, 2025

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  30. CVE-2025-62555 Published Dec 9, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  31. CVE-2025-62554 Published Dec 9, 2025

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  32. CVE-2025-62553 Published Dec 9, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  33. CVE-2025-62552 Published Dec 9, 2025

    Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally.

  34. CVE-2025-62223 Published Dec 5, 2025

    User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network.

  35. CVE-2025-62204 Published Nov 11, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  36. CVE-2025-62203 Published Nov 11, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  37. CVE-2025-62202 Published Nov 11, 2025

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

  38. CVE-2025-62201 Published Nov 11, 2025

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  39. CVE-2025-62200 Published Nov 11, 2025

    Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  40. CVE-2025-62199 Published Nov 11, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  41. CVE-2025-60727 Published Nov 11, 2025

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  42. CVE-2025-60726 Published Nov 11, 2025

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

  43. CVE-2025-60724 Published Nov 11, 2025

    Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.

  44. CVE-2025-59240 Published Nov 11, 2025

    Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

  45. CVE-2025-60711 Published Oct 31, 2025

    Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

  46. CVE-2025-59249 Published Oct 14, 2025

    Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

  47. CVE-2025-59248 Published Oct 14, 2025

    Improper input validation in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

  48. CVE-2025-59238 Published Oct 14, 2025

    Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

  49. CVE-2025-59237 Published Oct 14, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  50. CVE-2025-59235 Published Oct 14, 2025

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.