Microsoft vulnerabilities

Showing 151 - 200 of 1.4K CVEs

  1. CVE-2025-49741 Published Jul 1, 2025

    No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

  2. CVE-2025-3052 Published Jun 10, 2025

    An arbitrary write vulnerability in Microsoft signed UEFI firmware allows for code execution of untrusted software. This allows an attacker to control its value, leading to arbitrary memory writes, including modification of critical firmware settings stored in NVRAM. Exploiting this vulnerability could enable security bypasses, persistence mechanisms, or full system compromise.

  3. CVE-2025-47953 Published Jun 10, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  4. CVE-2025-47175 Published Jun 10, 2025

    Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

  5. CVE-2025-47173 Published Jun 10, 2025

    Improper input validation in Microsoft Office allows an unauthorized attacker to execute code locally.

  6. CVE-2025-47172 Published Jun 10, 2025

    Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  7. CVE-2025-47171 Published Jun 10, 2025

    Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.

  8. CVE-2025-47169 Published Jun 10, 2025

    Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  9. CVE-2025-47168 Published Jun 10, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  10. CVE-2025-47167 Published Jun 10, 2025

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  11. CVE-2025-47166 Published Jun 10, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  12. CVE-2025-47165 Published Jun 10, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  13. CVE-2025-47164 Published Jun 10, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  14. CVE-2025-47163 Published Jun 10, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  15. CVE-2025-47162 Published Jun 10, 2025

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  16. CVE-2025-5419 Published Jun 3, 2025

    Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  17. CVE-2025-32704 Published May 13, 2025

    Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  18. CVE-2025-30388 Published May 13, 2025

    Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.

  19. CVE-2025-30384 Published May 13, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

  20. CVE-2025-30386 Published May 13, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  21. CVE-2025-30377 Published May 13, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  22. CVE-2025-30382 Published May 13, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

  23. CVE-2025-30379 Published May 13, 2025

    Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  24. CVE-2025-30378 Published May 13, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

  25. CVE-2025-30376 Published May 13, 2025

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  26. CVE-2025-30381 Published May 13, 2025

    Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  27. CVE-2025-30383 Published May 13, 2025

    Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  28. CVE-2025-29979 Published May 13, 2025

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  29. CVE-2025-29976 Published May 13, 2025

    Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

  30. CVE-2025-29977 Published May 13, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  31. CVE-2025-29825 Published May 2, 2025

    User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

  32. CVE-2025-29834 Published Apr 12, 2025

    Out-of-bounds read in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

  33. CVE-2025-29816 Published Apr 8, 2025

    Improper input validation in Microsoft Office Word allows an unauthorized attacker to bypass a security feature over a network.

  34. CVE-2025-29794 Published Apr 8, 2025

    Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  35. CVE-2025-29793 Published Apr 8, 2025

    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  36. CVE-2025-29792 Published Apr 8, 2025

    Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

  37. CVE-2025-29791 Published Apr 8, 2025

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  38. CVE-2025-27752 Published Apr 8, 2025

    Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  39. CVE-2025-27751 Published Apr 8, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  40. CVE-2025-27750 Published Apr 8, 2025

    Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

  41. CVE-2025-27749 Published Apr 8, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  42. CVE-2025-27748 Published Apr 8, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  43. CVE-2025-27747 Published Apr 8, 2025

    Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

  44. CVE-2025-27746 Published Apr 8, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  45. CVE-2025-27745 Published Apr 8, 2025

    Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

  46. CVE-2025-27744 Published Apr 8, 2025

    Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally.

  47. CVE-2025-26687 Published Apr 8, 2025

    Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.

  48. CVE-2025-26642 Published Apr 8, 2025

    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

  49. CVE-2025-29815 Published Apr 4, 2025

    Use after free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network.

  50. CVE-2025-25000 Published Apr 4, 2025

    Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.