Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-38010

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-13 Sep, 2022 | 18:42
Updated At-11 Mar, 2025 | 16:10
Rejected At-
Credits

Microsoft Office Visio Remote Code Execution Vulnerability

Microsoft Office Visio Remote Code Execution Vulnerability

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:13 Sep, 2022 | 18:42
Updated At:11 Mar, 2025 | 16:10
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft Office Visio Remote Code Execution Vulnerability

Microsoft Office Visio Remote Code Execution Vulnerability

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office 2019
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 19.0.0 before https://aka.ms/OfficeSecurityReleases (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft 365 Apps for Enterprise
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 16.0.1 before https://aka.ms/OfficeSecurityReleases (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office LTSC 2021
Platforms
  • x64-based Systems
  • 32-bit Systems
Versions
Affected
  • From 16.0.1 before https://aka.ms/OfficeSecurityReleases (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Visio 2013 Service Pack 1
Platforms
  • 32-bit Systems
Versions
Affected
  • From 15.0.1 before 15.0.5485.1001 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Visio 2013 Service Pack 1
Platforms
  • x64-based Systems
Versions
Affected
  • From 15.0.1 before 15.0.5485.1001 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Visio 2016
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 16.0.1 before 16.0.5361.1002 (custom)
Problem Types
TypeCWE IDDescription
ImpactN/ARemote Code Execution
Type: Impact
CWE ID: N/A
Description: Remote Code Execution
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010
vendor-advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010
Resource:
vendor-advisory
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010
vendor-advisory
x_transferred
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010
Resource:
vendor-advisory
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:13 Sep, 2022 | 19:15
Updated At:11 Apr, 2023 | 21:15

Microsoft Office Visio Remote Code Execution Vulnerability

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>365_apps>>-
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*
Microsoft Corporation
microsoft
>>365_apps>>-
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*
Microsoft Corporation
microsoft
>>office>>2019
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>office>>2019
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>office_long_term_servicing_channel>>2021
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x64:*
Microsoft Corporation
microsoft
>>office_long_term_servicing_channel>>2021
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:*:x86:*
Microsoft Corporation
microsoft
>>visio>>2013
cpe:2.3:a:microsoft:visio:2013:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>visio>>2016
cpe:2.3:a:microsoft:visio:2016:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010secure@microsoft.com
N/A
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38010
Source: secure@microsoft.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2267Records found
CVE-2026-22561
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-4.7||MEDIUM
EPSS-0.01% / 1.67%
||
7 Day CHG~0.00%
Published-31 Mar, 2026 | 15:30
Updated-10 May, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path elements in Anthropic Claude for Windows installer (Claude Setup.exe) versions prior to 1.1.3363 allow local privilege escalation via DLL search-order hijacking. The installer loads DLLs (e.g., profapi.dll) from its own directory after UAC elevation, enabling arbitrary code execution if a malicious DLL is planted alongside the installer.

Action-Not Available
Vendor-anthropicAnthropicMicrosoft Corporation
Product-windowsclaudeClaude Desktop - Windows
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2020-3979
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.78%
||
7 Day CHG~0.00%
Published-18 Sep, 2020 | 17:37
Updated-04 Aug, 2024 | 07:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer.

Action-Not Available
Vendor-installbuildern/aMicrosoft Corporation
Product-installbuilderwindowsVMware InstallBuilder
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2019-5443
Matching Score-8
Assigner-HackerOne
ShareView Details
Matching Score-8
Assigner-HackerOne
CVSS Score-7.8||HIGH
EPSS-0.99% / 77.10%
||
7 Day CHG-0.01%
Published-02 Jul, 2019 | 18:31
Updated-04 Aug, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.

Action-Not Available
Vendor-n/aNetApp, Inc.CURLOracle CorporationMicrosoft Corporation
Product-http_serveroncommand_insightoncommand_unified_managerwindowsoss_support_toolsoncommand_workflow_automationcurlsnapcenterenterprise_manager_ops_centermysql_servercurl
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2026-21287
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.06% / 19.63%
||
7 Day CHG+0.02%
Published-13 Jan, 2026 | 19:44
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Substance3D - Stager | Use After Free (CWE-416)

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-macoswindowssubstance_3d_stagerSubstance3D - Stager
CWE ID-CWE-416
Use After Free
CVE-2023-26413
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-13 Apr, 2023 | 00:00
Updated-05 Mar, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-20315: Adobe Substance 3D Designer USD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacossubstance_3d_designerSubstance3D - Designer
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-0907
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-10.11% / 93.18%
||
7 Day CHG~0.00%
Published-12 Jun, 2019 | 13:49
Updated-20 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jet Database Engine Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory. An attacker who successfully exploited this vulnerability could execute arbitrary code on a victim system. An attacker could exploit this vulnerability by enticing a victim to open a specially crafted file. The update addresses the vulnerability by correcting the way the Windows Jet Database Engine handles objects in memory.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_7windows_rt_8.1windows_server_2019windows_8.1windows_server_2008windows_10Windows Server 2008 R2 Systems Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server, version 1803 (Server Core Installation)Windows Server 2019Windows Server 2012 R2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 7 Service Pack 1Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1507Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 8.1Windows Server 2008 R2 Service Pack 1Windows Server 2012Windows 10 Version 1703Windows 7Windows 10 Version 1809
CVE-2022-21988
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.94% / 83.62%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Visio Remote Code Execution Vulnerability

Microsoft Office Visio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office 2019
CVE-2023-26422
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.24% / 46.57%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 00:00
Updated-05 Mar, 2025 | 19:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-20176: Adobe Acrobat Reader DC AcroForm deleteItemAt Use-After-Free Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-416
Use After Free
CVE-2022-21844
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.55% / 85.66%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HEVC Video Extensions Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-hevc_video_extensionsHEVC Video ExtensionsHEVC Video Extension
CVE-2022-21821
Matching Score-8
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-8
Assigner-NVIDIA Corporation
CVSS Score-7.8||HIGH
EPSS-0.55% / 68.27%
||
7 Day CHG~0.00%
Published-29 Mar, 2022 | 20:05
Updated-03 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA CUDA Toolkit SDK contains an integer overflow vulnerability in cuobjdump.To exploit this vulnerability, a remote attacker would require a local user to download a specially crafted, corrupted file and locally execute cuobjdump against the file. Such an attack may lead to remote code execution that causes complete denial of service and an impact on data confidentiality and integrity.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kernelcuda_toolkitNVIDIA CUDA Toolkit
CWE ID-CWE-1285
Improper Validation of Specified Index, Position, or Offset in Input
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-21917
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.76% / 86.18%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HEVC Video Extensions Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-hevc_video_extensionsHEVC Video Extensions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-21970
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.35% / 85.06%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:23
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-21927
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.55% / 85.66%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HEVC Video Extensions Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-hevc_video_extensionsHEVC Video ExtensionsHEVC Video Extension
CVE-2022-22024
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.71% / 82.53%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:36
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Fax Service Remote Code Execution Vulnerability

Windows Fax Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CVE-2022-22006
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.39% / 85.19%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:06
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HEVC Video Extensions Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-hevc_video_extensionsHEVC Video ExtensionHEVC Video Extensions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-21974
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-8.81% / 92.61%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Roaming Security Rights Management Services Remote Code Execution Vulnerability

Roaming Security Rights Management Services Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_11windows_10windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2022-21841
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.10% / 86.96%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2016Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2021Microsoft Office 2013 Service Pack 1Microsoft Office 2019Microsoft Office 2019 for Mac
CVE-2022-21878
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.22% / 87.20%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Geolocation Service Remote Code Execution Vulnerability

Windows Geolocation Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2019windows_10windows_server_2016Windows Server 2022Windows 10 Version 1607Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2023-26408
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.14% / 33.53%
||
7 Day CHG~0.00%
Published-12 Apr, 2023 | 00:00
Updated-05 Mar, 2025 | 19:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-20712: AnnotsString Object prototype pollution Restrictions Bypass Vulnerability

Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-284
Improper Access Control
CVE-2022-22003
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.86% / 86.40%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2016Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2021Microsoft Office 2013 Service Pack 1Microsoft Office 2019Microsoft Office 2019 for Mac
CVE-2022-21971
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-87.79% / 99.48%
||
7 Day CHG+0.68%
Published-09 Feb, 2022 | 16:36
Updated-30 Oct, 2025 | 19:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-09-08||Apply updates per vendor instructions.
Windows Runtime Remote Code Execution Vulnerability

Windows Runtime Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_21h2windows_10_1909windows_10_21h1windows_10_21h2windows_server_2022windows_10_1809windows_server_2019windows_server_20h2windows_10_20h2Windows Server 2022Windows Server 2019Windows 11 version 21H2Windows 10 Version 21H2Windows 10 Version 1809Windows Server version 20H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 20H2Windows 10 Version 1909Windows
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2022-22007
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.39% / 85.19%
||
7 Day CHG~0.00%
Published-09 Mar, 2022 | 17:06
Updated-08 Jul, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HEVC Video Extensions Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-hevc_video_extensionsHEVC Video ExtensionHEVC Video Extensions
CWE ID-CWE-787
Out-of-bounds Write
CVE-2016-0165
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-6.04% / 90.82%
||
7 Day CHG-0.15%
Published-12 Apr, 2016 | 23:00
Updated-21 Apr, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-07-13||Apply updates per vendor instructions.

The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0143 and CVE-2016-0167.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_8.1windows_10_1511windows_server_2008windows_vistawindows_10_1507windows_rt_8.1windows_server_2012n/aWin32k
CVE-2022-21926
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.21% / 87.18%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HEVC Video Extensions Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-hevc_video_extensionsHEVC Video ExtensionsHEVC Video Extension
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-24082
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.22% / 44.15%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:58
Updated-13 Feb, 2026 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_server365_appsofficeoffice_long_term_servicing_channelexcelMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft Excel 2016Office Online ServerMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC 2024
CWE ID-CWE-416
Use After Free
CVE-2022-21992
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.50% / 81.31%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Mobile Device Management Remote Code Execution Vulnerability

Windows Mobile Device Management Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_11windows_10windows_server_2019Windows Server 2022Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2026-20951
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.75%
||
7 Day CHG+0.03%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SharePoint Server Remote Code Execution Vulnerability

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverMicrosoft SharePoint Enterprise Server 2016Microsoft SharePoint Server 2019Microsoft SharePoint Server Subscription Edition
CWE ID-CWE-20
Improper Input Validation
CVE-2022-21842
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.95% / 86.60%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-wordsharepoint_enterprise_serverMicrosoft Word 2016Microsoft SharePoint Enterprise Server 2016
CVE-2022-22004
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.89% / 83.41%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 16:36
Updated-02 Jan, 2025 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office ClickToRun Remote Code Execution Vulnerability

Microsoft Office ClickToRun Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2013 Click-to-Run (C2R)
CVE-2022-22018
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.16% / 87.07%
||
7 Day CHG-0.26%
Published-15 Jun, 2022 | 21:51
Updated-02 Jan, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HEVC Video Extensions Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-hevc_video_extensionsHEVC Video ExtensionsHEVC Video Extension
CVE-2022-22027
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.85% / 86.39%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:36
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Fax Service Remote Code Execution Vulnerability

Windows Fax Service Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2016 (Server Core installation)Windows Server 2022Windows Server 2019 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2012 R2 (Server Core installation)Windows Server 2012Windows 8.1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 21H2Windows Server version 20H2Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2016Windows 7Windows 11 version 21H2Windows 7 Service Pack 1Windows 10 Version 21H1
CVE-2022-21888
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.85% / 86.40%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 20:22
Updated-02 Jan, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Modern Execution Server Remote Code Execution Vulnerability

Windows Modern Execution Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_11windows_server_2019windows_10Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows 11 version 21H2Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CVE-2026-21324
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.41%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:53
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
After Effects | Out-of-bounds Read (CWE-125)

After Effects versions 25.6 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-macosafter_effectswindowsAfter Effects
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-21277
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.92%
||
7 Day CHG+0.01%
Published-13 Jan, 2026 | 18:35
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions 21.0, 19.5.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-macoswindowsindesignInDesign Desktop
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20957
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 36.63%
||
7 Day CHG+0.07%
Published-13 Jan, 2026 | 17:57
Updated-01 Apr, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_online_serveroffice_long_term_servicing_channeloffice365_appsMicrosoft Office LTSC for Mac 2024Microsoft Excel 2016Microsoft Office LTSC 2024Microsoft Office 2019Office Online ServerMicrosoft Office LTSC for Mac 2021Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-21318
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.66%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:53
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
After Effects | Out-of-bounds Write (CWE-787)

After Effects versions 25.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-macosafter_effectswindowsAfter Effects
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-21259
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.13%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-11 May, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Elevation of Privilege Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsexceloffice_long_term_servicing_channeloffice_online_serverofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC 2021Office Online ServerMicrosoft Office LTSC 2024Microsoft Excel 2016
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-21351
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.01% / 3.00%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:52
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
After Effects | Use After Free (CWE-416)

After Effects versions 25.6 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-macosafter_effectswindowsAfter Effects
CWE ID-CWE-416
Use After Free
CVE-2023-26412
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.10% / 27.84%
||
7 Day CHG~0.00%
Published-13 Apr, 2023 | 00:00
Updated-05 Mar, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-20314: Adobe Substance 3D Designer USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Substance 3D Designer version 12.4.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsmacossubstance_3d_designerSubstance3D - Designer
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-21357
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.40%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:59
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
InDesign Desktop | Heap-based Buffer Overflow (CWE-122)

InDesign Desktop versions 21.1, 20.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-indesignmacoswindowsInDesign Desktop
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-20948
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.14%
||
7 Day CHG+0.03%
Published-13 Jan, 2026 | 17:57
Updated-01 Apr, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office365_appsoffice_long_term_servicing_channelsharepoint_serverwordMicrosoft Office LTSC for Mac 2024Microsoft Word 2016Microsoft SharePoint Server 2019Microsoft Office LTSC 2024Microsoft Office 2019Microsoft SharePoint Enterprise Server 2016Microsoft Office LTSC for Mac 2021Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2026-20949
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 9.05%
||
7 Day CHG+0.01%
Published-13 Jan, 2026 | 17:57
Updated-01 Apr, 2026 | 13:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Security Feature Bypass Vulnerability

Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelMicrosoft Office LTSC for Mac 2024Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2021Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021
CWE ID-CWE-284
Improper Access Control
CVE-2026-21516
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.03% / 8.85%
||
7 Day CHG~0.00%
Published-10 Feb, 2026 | 17:51
Updated-11 May, 2026 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GitHub Copilot for Jetbrains Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Github Copilot allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-github_copilotGitHub Copilot Plugin for JetBrains IDEs
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2021-46816
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-1.74% / 82.68%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:19
Updated-23 Apr, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Premiere Pro M4A file memory corruption vulnerability could lead to remote code execution

Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowspremiere_promacosPremiere
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-46817
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-3.84% / 88.30%
||
7 Day CHG~0.00%
Published-13 Jun, 2022 | 12:15
Updated-23 Apr, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Media Encoder M4A file memory corruption vulnerability could lead to remote code execution

Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsmacosmedia_encoderMedia Encoder
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-26334
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.10% / 26.69%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-05 Mar, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-20149: Adobe Dimension USD File Parsing Uninitialized Pointer Information Disclosure Vulnerability

Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsdimensionmacosDimension
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2023-26329
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-7.8||HIGH
EPSS-0.15% / 34.60%
||
7 Day CHG~0.00%
Published-28 Mar, 2023 | 00:00
Updated-05 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-20213: Adobe Dimension OBJ File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Adobe Inc.Microsoft Corporation
Product-windowsdimensionmacosDimension
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-21365
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.58% / 69.27%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2024
CWE ID-CWE-426
Untrusted Search Path
CVE-2023-36792
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.97% / 76.87%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 16:58
Updated-30 Oct, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_server_2008visual_studio_2019windows_11_21h2windows_server_2022.net_frameworkwindows_10_21h2windows_10_1809visual_studio_2022.netwindows_10_22h2windows_11_22h2visual_studio_2017windows_server_2019windows_10_1607Microsoft Visual Studio 2022 version 17.6Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5.1Microsoft .NET Framework 3.5 and 4.6.2Microsoft .NET Framework 3.5.NET 7.0.NET 6.0Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5 AND 4.8PowerShell 7.2Microsoft .NET Framework 3.5 AND 4.7.2Microsoft .NET Framework 4.8Microsoft Visual Studio 2022 version 17.2Microsoft Visual Studio 2022 version 17.4Microsoft .NET Framework 3.0 Service Pack 2Microsoft Visual Studio 2022 version 17.7Microsoft .NET Framework 4.6.2Microsoft .NET Framework 3.5 AND 4.8.1Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-21361
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.52% / 66.96%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-26 Feb, 2026 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook Remote Code Execution Vulnerability

Microsoft Outlook Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-officeoutlookMicrosoft Office LTSC for Mac 2024Microsoft Outlook for MacMicrosoft Office LTSC for Mac 2021
CWE ID-CWE-641
Improper Restriction of Names for Files and Other Resources
  • Previous
  • 1
  • 2
  • ...
  • 8
  • 9
  • 10
  • ...
  • 45
  • 46
  • Next
Details not found