Microsoft vulnerabilities

Showing 101 - 150 of 1.4K CVEs

  1. CVE-2025-54899 Published Sep 9, 2025

    Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  2. CVE-2025-54898 Published Sep 9, 2025

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  3. CVE-2025-54897 Published Sep 9, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  4. CVE-2025-54896 Published Sep 9, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  5. CVE-2025-53799 Published Sep 9, 2025

    Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

  6. CVE-2025-53791 Published Sep 5, 2025

    Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

  7. CVE-2025-53761 Published Aug 12, 2025

    Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

  8. CVE-2025-53759 Published Aug 12, 2025

    Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  9. CVE-2025-53741 Published Aug 12, 2025

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  10. CVE-2025-53740 Published Aug 12, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  11. CVE-2025-53739 Published Aug 12, 2025

    Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  12. CVE-2025-53738 Published Aug 12, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  13. CVE-2025-53760 Published Aug 12, 2025

    Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

  14. CVE-2025-53734 Published Aug 12, 2025

    Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.

  15. CVE-2025-53733 Published Aug 12, 2025

    Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  16. CVE-2025-53737 Published Aug 12, 2025

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  17. CVE-2025-53732 Published Aug 12, 2025

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  18. CVE-2025-53735 Published Aug 12, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  19. CVE-2025-53736 Published Aug 12, 2025

    Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

  20. CVE-2025-53730 Published Aug 12, 2025

    Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.

  21. CVE-2025-53731 Published Aug 12, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  22. CVE-2025-50154 Published Aug 12, 2025

    Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

  23. CVE-2025-49712 Published Aug 12, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  24. CVE-2025-25005 Published Aug 12, 2025

    Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.

  25. CVE-2025-53786 Published Aug 6, 2025

    On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. Microsoft made these changes in the general interest of improving the security of hybrid Exchange deployments. Following further investigation, Microsoft identified specific security implications tied to the guidance and configuration steps outlined in the April announcement. Microsoft is issuing CVE-2025-53786 to document a vulnerability that is addressed by taking the steps documented with the April 18th announcement. Microsoft strongly recommends reading the information, installing the April 2025 (or later) Hot Fix and implementing the changes in your Exchange Server and hybrid environment.

  26. CVE-2025-53771 Published Jul 20, 2025

    Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

  27. CVE-2025-53770 Published Jul 20, 2025

    Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.

  28. CVE-2025-47964 Published Jul 11, 2025

    Microsoft Edge (Chromium-based) Spoofing Vulnerability

  29. CVE-2025-47963 Published Jul 11, 2025

    No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

  30. CVE-2025-47182 Published Jul 11, 2025

    Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

  31. CVE-2025-49737 Published Jul 8, 2025

    Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.

  32. CVE-2025-49739 Published Jul 8, 2025

    Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

  33. CVE-2025-49731 Published Jul 8, 2025

    Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.

  34. CVE-2025-49711 Published Jul 8, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  35. CVE-2025-49706 Published Jul 8, 2025

    Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

  36. CVE-2025-49705 Published Jul 8, 2025

    Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

  37. CVE-2025-49701 Published Jul 8, 2025

    Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  38. CVE-2025-49703 Published Jul 8, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  39. CVE-2025-49704 Published Jul 8, 2025

    Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  40. CVE-2025-49702 Published Jul 8, 2025

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  41. CVE-2025-49700 Published Jul 8, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  42. CVE-2025-49699 Published Jul 8, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  43. CVE-2025-49698 Published Jul 8, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  44. CVE-2025-49697 Published Jul 8, 2025

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  45. CVE-2025-49696 Published Jul 8, 2025

    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

  46. CVE-2025-49695 Published Jul 8, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  47. CVE-2025-49689 Published Jul 8, 2025

    Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

  48. CVE-2025-48812 Published Jul 8, 2025

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

  49. CVE-2025-47994 Published Jul 8, 2025

    Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.

  50. CVE-2025-49713 Published Jul 2, 2025

    Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.