Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-47162

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-10 Jun, 2025 | 17:02
Updated At-26 Feb, 2026 | 17:50
Rejected At-
Credits

Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:10 Jun, 2025 | 17:02
Updated At:26 Feb, 2026 | 17:50
Rejected At:
▼CVE Numbering Authority (CNA)
Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft 365 Apps for Enterprise
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 16.0.1 before https://aka.ms/OfficeSecurityReleases (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office 2016
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before 16.0.5504.1000 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office 2019
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 19.0.0 before https://aka.ms/OfficeSecurityReleases (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office for Android
Versions
Affected
  • From 16.0.1 before 16.0.18925.20000 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office LTSC 2021
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 16.0.1 before https://aka.ms/OfficeSecurityReleases (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office LTSC 2024
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before https://aka.ms/OfficeSecurityReleases (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office LTSC for Mac 2021
Versions
Affected
  • From 16.0.1 before 16.98.25060824 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office LTSC for Mac 2024
Versions
Affected
  • From 16.0.0 before 16.98.25060824 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-122CWE-122: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-122
Description: CWE-122: Heap-based Buffer Overflow
Metrics
VersionBase scoreBase severityVector
3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47162
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47162
Resource:
vendor-advisory
patch
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:10 Jun, 2025 | 17:23
Updated At:09 Jul, 2025 | 14:00

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Microsoft Corporation
microsoft
>>365_apps>>-
cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:*:*
Microsoft Corporation
microsoft
>>office>>-
cpe:2.3:a:microsoft:office:-:*:*:*:*:android:*:*
Microsoft Corporation
microsoft
>>office>>2016
cpe:2.3:a:microsoft:office:2016:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>office>>2019
cpe:2.3:a:microsoft:office:2019:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>office_long_term_servicing_channel>>2021
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:-:*:*
Microsoft Corporation
microsoft
>>office_long_term_servicing_channel>>2021
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2021:*:*:*:*:macos:*:*
Microsoft Corporation
microsoft
>>office_long_term_servicing_channel>>2024
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:-:*:*
Microsoft Corporation
microsoft
>>office_long_term_servicing_channel>>2024
cpe:2.3:a:microsoft:office_long_term_servicing_channel:2024:*:*:*:*:macos:*:*
Weaknesses
CWE IDTypeSource
CWE-122Secondarysecure@microsoft.com
CWE ID: CWE-122
Type: Secondary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47162secure@microsoft.com
Vendor Advisory
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47162
Source: secure@microsoft.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

874Records found
CVE-2026-40363
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.38% / 30.10%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:58
Updated-19 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelofficeMicrosoft Office LTSC for Mac 2021Microsoft Office 2016Microsoft Office for AndroidMicrosoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC for Mac 2024Microsoft 365 Apps for Enterprise
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-40364
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-4.42% / 90.12%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:58
Updated-19 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelwordofficeMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Word 2016Microsoft Office LTSC for Mac 2024Microsoft 365 Apps for Enterprise
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2026-32221
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.29% / 20.76%
||
7 Day CHG-0.02%
Published-14 Apr, 2026 | 16:57
Updated-19 Jun, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Graphics Component Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_26h1windows_11_25h2windows_server_2025Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 11 version 26H1Windows Server 2025
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-49697
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.46% / 36.59%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:58
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_online_serverofficeoffice_long_term_servicing_channelMicrosoft Office 2016Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2024Microsoft Office for AndroidOffice Online Server
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-32717
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.51% / 39.61%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 23:15
Updated-20 Feb, 2026 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsMicrosoft 365 Apps for Enterprise
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2026-47635
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.33% / 25.11%
||
7 Day CHG+0.07%
Published-09 Jun, 2026 | 17:05
Updated-23 Jun, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook and Word Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_2024Microsoft Office LTSC 2024
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-54910
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.53% / 40.96%
||
7 Day CHG-0.01%
Published-09 Sep, 2025 | 17:01
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeoffice_long_term_servicing_channel365_appsMicrosoft Office 2016Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2021
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2025-49696
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.55% / 41.87%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:58
Updated-13 Feb, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeoffice_long_term_servicing_channelMicrosoft Office LTSC 2024Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft Office for AndroidMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft Office 2016
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-36569
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.61% / 44.47%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 17:07
Updated-14 Apr, 2025 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Elevation of Privilege Vulnerability

Microsoft Office Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-officeoffice_long_term_servicing_channel365_appsMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft 365 Apps for Enterprise
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-62557
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.39% / 30.85%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-16 Apr, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office365_appsoffice_long_term_servicing_channelMicrosoft Office LTSC for Mac 2024Microsoft Office LTSC 2024Microsoft Office 2019Microsoft Office for AndroidMicrosoft Office 2016Microsoft Office LTSC for Mac 2021Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021
CWE ID-CWE-416
Use After Free
CVE-2025-62554
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.40% / 31.67%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-16 Apr, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office365_appsoffice_long_term_servicing_channelMicrosoft Office LTSC for Mac 2024Microsoft Office LTSC 2024Microsoft Office 2019Microsoft Office for AndroidMicrosoft Office 2016Microsoft Office LTSC for Mac 2021Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2023-47145
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.18% / 7.80%
||
7 Day CHG~0.00%
Published-07 Jan, 2024 | 18:58
Updated-11 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Windows privilege escalation

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

Action-Not Available
Vendor-IBM CorporationMicrosoft Corporation
Product-windowsdb2Db2db2
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-31173
Matching Score-8
Assigner-Schweitzer Engineering Laboratories, Inc.
ShareView Details
Matching Score-8
Assigner-Schweitzer Engineering Laboratories, Inc.
CVSS Score-7.7||HIGH
EPSS-0.20% / 9.88%
||
7 Day CHG~0.00%
Published-31 Aug, 2023 | 15:30
Updated-01 Oct, 2024 | 17:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Use of Hard-coded Credentials

Use of Hard-coded Credentials vulnerability in Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator on Windows allows Authentication Bypass. See Instruction Manual Appendix A and Appendix E dated 20230615 for more details. This issue affects SEL-5037 SEL Grid Configurator: before 4.5.0.20.

Action-Not Available
Vendor-Microsoft CorporationSchweitzer Engineering Laboratories, Inc. (SEL)
Product-windowssel-5037_sel_grid_configuratorSEL-5037 SEL Grid Configuratorsel-5033_acselerator_rtac_software
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-29360
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-22.13% / 97.36%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:26
Updated-28 Oct, 2025 | 14:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-03-21||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Microsoft Streaming Service Elevation of Privilege Vulnerability

Microsoft Streaming Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_22h2windows_10_21h2windows_server_2022windows_10_1607windows_10_22h2windows_10_1809windows_server_2019windows_11_21h2windows_server_2016Windows Server 2022Windows Server 2019Windows 11 version 21H2Windows 10 Version 1607Windows 10 Version 21H2Windows Server 2016 (Server Core installation)Windows 10 Version 1809Windows 11 version 22H2Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows Server 2016Streaming Service
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2023-28291
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.62% / 45.01%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 19:13
Updated-23 Jan, 2025 | 01:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Raw Image Extension Remote Code Execution Vulnerability

Raw Image Extension Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_11_21h2windows_10_20h2windows_11_22h2raw_image_extensionRaw Image Extension
CWE ID-CWE-20
Improper Input Validation
CVE-2023-28956
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.16% / 5.63%
||
7 Day CHG+0.01%
Published-22 Jun, 2023 | 01:00
Updated-09 Dec, 2024 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Spectrum Protect Backup-Archive Client privilege escalation

IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsspectrum_protect_backup-archive_clientSpectrum Protect Backup-Archive Clientspectrum_protect
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2020-1285
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-3.82% / 88.69%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 17:09
Updated-23 Feb, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GDI+ Remote Code Execution Vulnerability

<p>A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p> <p>There are multiple ways an attacker could exploit the vulnerability:</p> <ul> <li>In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability and then convince users to view the website. An attacker would have no way to force users to view the attacker-controlled content. Instead, an attacker would have to convince users to take action, typically by getting them to open an email attachment or click a link in an email or instant message.</li> <li>In a file-sharing attack scenario, an attacker could provide a specially crafted document file that is designed to exploit the vulnerability, and then convince users to open the document file.</li> </ul> <p>The security update addresses the vulnerability by correcting the way that the Windows GDI handles objects in the memory.</p>

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_rt_8.1windows_server_2012windows_server_2008windows_10windows_8.1windows_7windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 8.1Windows 7Windows Server 2012 (Server Core installation)Windows 10 Version 1709Windows 10 Version 1909Windows 7 Service Pack 1Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)Windows Server, version 1903 (Server Core installation)Windows 10 Version 1709 for 32-bit Systems
CVE-2008-4036
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-1.53% / 71.57%
||
7 Day CHG~0.00%
Published-15 Oct, 2008 | 00:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_server_2003windows_server_2008windows_xpn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-45458
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.44% / 34.98%
||
7 Day CHG+0.09%
Published-09 Jun, 2026 | 17:04
Updated-23 Jun, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook and Word Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverwordoffice_2019microsoft_365office_2024365_appsoffice_2021Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft SharePoint Server Subscription EditionMicrosoft Word 2016Microsoft Office 365 for MacMicrosoft SharePoint Enterprise Server 2016Microsoft Office LTSC for Mac 2024Microsoft SharePoint Server 2019Microsoft 365 Apps for Enterprise
CWE ID-CWE-416
Use After Free
CVE-2026-45474
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.36% / 28.24%
||
7 Day CHG+0.05%
Published-09 Jun, 2026 | 17:04
Updated-23 Jun, 2026 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_2016365_copilotoffice_2019microsoft_365office_2024365_appsoffice_2021Microsoft Office LTSC for Mac 2021Microsoft Office 2016Microsoft Office for AndroidMicrosoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Office 365 for MacMicrosoft Office LTSC for Mac 2024Microsoft 365 Apps for Enterprise
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-45463
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.34% / 25.73%
||
7 Day CHG+0.06%
Published-09 Jun, 2026 | 17:05
Updated-23 Jun, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_2016365_copilotoffice_2019microsoft_365office_2024365_appsoffice_2021Microsoft Office LTSC for Mac 2021Microsoft Office 2016Microsoft Office for AndroidMicrosoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Office 365 for MacMicrosoft Office LTSC for Mac 2024Microsoft 365 Apps for Enterprise
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2026-45461
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.36% / 28.24%
||
7 Day CHG+0.05%
Published-09 Jun, 2026 | 17:04
Updated-23 Jun, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_2016365_copilotoffice_2019microsoft_365office_2024365_appsoffice_2021Microsoft Office LTSC for Mac 2021Microsoft Office 2016Microsoft Office for AndroidMicrosoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Office 365 for MacMicrosoft Office LTSC for Mac 2024Microsoft 365 Apps for Enterprise
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2026-44810
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.26% / 17.34%
||
7 Day CHG+0.04%
Published-09 Jun, 2026 | 17:06
Updated-23 Jun, 2026 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2025windows_server_2022windows_11_23h2windows_11_24h2windows_11_25h2windows_11_26h1Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows 11 version 23H2Windows Server 2022Windows 11 Version 24H2Windows 11 version 26H1Windows Server 2025Windows 11 Version 23H2
CWE ID-CWE-287
Improper Authentication
CVE-2026-45641
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.31% / 22.32%
||
7 Day CHG+0.06%
Published-09 Jun, 2026 | 17:04
Updated-23 Jun, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Remote Code Execution Vulnerability

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_server_2025windows_server_2022windows_10_22h2windows_11_23h2windows_11_24h2windows_11_25h2windows_11_26h1Windows 11 Version 25H2Windows Server 2025 (Server Core installation)Windows Server 2022Windows 10 Version 22H2Windows 10 Version 21H2Windows 11 Version 24H2Windows 11 version 26H1Windows Server 2025Windows 11 Version 23H2
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-45456
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.44% / 34.98%
||
7 Day CHG+0.09%
Published-09 Jun, 2026 | 17:04
Updated-23 Jun, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook and Word Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_2016sharepoint_serveroffice_2019microsoft_365office_2024365_appsoffice_2021Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft SharePoint Server Subscription EditionMicrosoft Word 2016Microsoft Office 365 for MacMicrosoft SharePoint Enterprise Server 2016Microsoft Office LTSC for Mac 2024Microsoft SharePoint Server 2019Microsoft 365 Apps for Enterprise
CWE ID-CWE-843
Access of Resource Using Incompatible Type ('Type Confusion')
CVE-2026-45607
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.36% / 27.52%
||
7 Day CHG+0.05%
Published-09 Jun, 2026 | 17:04
Updated-23 Jun, 2026 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Remote Code Execution Vulnerability

Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1607windows_server_2025windows_server_2016windows_server_2022windows_10_22h2windows_11_23h2windows_11_24h2windows_11_25h2windows_11_26h1windows_server_2019windows_10_1809Windows Server 2016Windows 11 Version 25H2Windows 10 Version 1607Windows 11 version 23H2Windows 10 Version 22H2Windows Server 2025Windows 10 Version 1809Windows 11 Version 23H2Windows Server 2025 (Server Core installation)Windows Server 2022Windows 10 Version 21H2Windows 11 Version 24H2Windows 11 version 26H1Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2016-2558
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.36% / 27.75%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU graphics driver R340 before 341.95 and R352 before 354.74 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or gain privileges via unspecified vectors related to an untrusted pointer, which trigger uninitialized or out-of-bounds memory access.

Action-Not Available
Vendor-n/aMicrosoft CorporationNVIDIA Corporation
Product-gpu_driver_r340windowsgpu_driver_r352n/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-59236
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.38% / 29.43%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-26 Feb, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_online_server365_appsoffice_long_term_servicing_channelofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2021Office Online Server
CWE ID-CWE-416
Use After Free
CVE-2026-40358
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.37% / 28.68%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:59
Updated-19 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelofficeMicrosoft Office LTSC for Mac 2021Microsoft Office 2016Microsoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC for Mac 2024Microsoft 365 Apps for Enterprise
CWE ID-CWE-416
Use After Free
CVE-2026-40361
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.60% / 44.40%
||
7 Day CHG+0.02%
Published-12 May, 2026 | 16:59
Updated-19 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook and Word Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelwordofficeMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Word 2016Microsoft Office LTSC for Mac 2024Microsoft 365 Apps for Enterprise
CWE ID-CWE-416
Use After Free
CVE-2026-40367
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.45% / 36.07%
||
7 Day CHG+0.02%
Published-12 May, 2026 | 16:59
Updated-19 Jun, 2026 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serveroffice365_appsoffice_long_term_servicing_channelwordMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft SharePoint Server Subscription EditionMicrosoft Word 2016Microsoft SharePoint Enterprise Server 2016Microsoft Office LTSC for Mac 2024Microsoft SharePoint Server 2019Microsoft 365 Apps for Enterprise
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2023-30431
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.31% / 22.70%
||
7 Day CHG~0.00%
Published-09 Jul, 2023 | 23:58
Updated-13 Feb, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 buffer overflow

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184.

Action-Not Available
Vendor-Microsoft CorporationHP Inc.IBM CorporationLinux Kernel Organization, IncOracle Corporation
Product-solarislinux_kerneldb2hp-uxwindowsaixDb2 for Linux, UNIX and Windowsdb2_for_linux_unix_and_windows
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2026-20944
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.49% / 38.12%
||
7 Day CHG~0.00%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelMicrosoft Office LTSC for Mac 2024Microsoft Office LTSC for Mac 2021Microsoft 365 Apps for Enterprise
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-27558
Matching Score-8
Assigner-IBM Corporation
ShareView Details
Matching Score-8
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.23% / 13.59%
||
7 Day CHG~0.00%
Published-09 Jul, 2023 | 23:32
Updated-13 Feb, 2025 | 16:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 privilege escalation

IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194.

Action-Not Available
Vendor-Microsoft CorporationIBM Corporation
Product-windowsdb2Db2 for Windowsdb2_windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-30222
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.66% / 46.99%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Shell Remote Code Execution Vulnerability

Windows Shell Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 21H2Windows Server 2019 (Server Core installation)Windows Server version 20H2Windows Server 2019Windows 10 Version 1809Windows 10 Version 1607Windows 10 Version 20H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 10 Version 21H1
CVE-2004-2339
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-1.43% / 69.64%
||
7 Day CHG~0.00%
Published-16 Aug, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_xpwindows_2000windows_2003_servern/a
CVE-2026-32190
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.33% / 24.51%
||
7 Day CHG+0.01%
Published-14 Apr, 2026 | 16:58
Updated-19 Jun, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channeloffice365_appsMicrosoft Office LTSC for Mac 2021Microsoft Office 2016Microsoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC for Mac 2024Microsoft 365 Apps for Enterprise
CWE ID-CWE-416
Use After Free
CVE-2026-33114
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.32% / 23.27%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:58
Updated-19 Jun, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office LTSC for Mac 2024Microsoft 365 Apps for Enterprise
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2024-49063
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-1.62% / 73.05%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 17:49
Updated-09 Jun, 2026 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft/Muzic Remote Code Execution Vulnerability

Microsoft/Muzic Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-muzicMuzic
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-59489
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.59% / 43.81%
||
7 Day CHG~0.00%
Published-03 Oct, 2025 | 00:00
Updated-22 Oct, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. If an application was built with a version of Unity Editor that had the vulnerable Unity Runtime code, then an adversary may be able to execute code on, and exfiltrate confidential information from, the machine on which that application is running. NOTE: product status is provided for Unity Editor because that is the information available from the Supplier. However, updating Unity Editor typically does not address the effects of the vulnerability; instead, it is necessary to rebuild and redeploy all affected applications.

Action-Not Available
Vendor-unityUnity3DGoogle LLCApple Inc.Linux Kernel Organization, IncMicrosoft Corporation
Product-windowslinux_kerneleditormacosandroidUnity Editor
CWE ID-CWE-426
Untrusted Search Path
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2026-32091
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.16% / 5.26%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:58
Updated-19 Jun, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Brokering File System Elevation of Privilege Vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_10_21h2windows_10_1809windows_11_25h2windows_server_2022windows_server_2025windows_10_1607windows_server_2019windows_11_26h1windows_11_24h2windows_server_2022_23h2windows_server_2016windows_11_23h2Windows Server 2016Windows 11 Version 25H2Windows 10 Version 1607Windows 10 Version 22H2Windows Server 2025Windows 10 Version 1809Windows 11 Version 23H2Windows 11 version 22H3Windows Server 2025 (Server Core installation)Windows Server 2022Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 21H2Windows 11 Version 24H2Windows 11 version 26H1Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2016 (Server Core installation)
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-416
Use After Free
CVE-2021-33739
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-6.55% / 92.95%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 22:46
Updated-30 Oct, 2025 | 19:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Microsoft DWM Core Library Elevation of Privilege Vulnerability

Microsoft DWM Core Library Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1909windows_10_21h1windows_server_2004windows_server_20h2windows_10_2004windows_10_20h2Windows 10 Version 2004Windows Server version 20H2Windows 10 Version 21H1Windows 10 Version 20H2Windows 10 Version 1909Windows Server version 2004Windows
CVE-2011-1231
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-1.35% / 67.88%
||
7 Day CHG~0.00%
Published-13 Apr, 2011 | 20:07
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_7windows_server_2008windows_vistawindows_xpwindows_2003_serverwindows_server_2003n/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2026-26113
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.54% / 41.40%
||
7 Day CHG~0.00%
Published-10 Mar, 2026 | 17:05
Updated-19 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appssharepoint_serveroffice_long_term_servicing_channelofficeMicrosoft Office LTSC for Mac 2021Microsoft Office 2016Microsoft Office LTSC 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft SharePoint Server Subscription EditionMicrosoft SharePoint Enterprise Server 2016Microsoft Office LTSC for Mac 2024Microsoft SharePoint Server 2019Microsoft 365 Apps for Enterprise
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2024-43584
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.7||HIGH
EPSS-0.54% / 41.08%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:36
Updated-09 Jun, 2026 | 18:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Scripting Engine Security Feature Bypass Vulnerability

Windows Scripting Engine Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_11_24h2windows_11_21h2windows_server_2022windows_11_23h2Windows 11 Version 23H2Windows 11 version 22H3Windows 11 version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 version 22H2Windows Server 2022Windows 11 Version 24H2
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2024-43497
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.67% / 47.31%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 17:35
Updated-09 Jun, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DeepSpeed Remote Code Execution Vulnerability

DeepSpeed Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-deepspeedDeepSpeed
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2023-3440
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.19% / 8.73%
||
7 Day CHG~0.00%
Published-03 Oct, 2023 | 01:05
Updated-02 Aug, 2024 | 06:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
File and Directory Permission Vulnerability in JP1/Performance Management

Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before  12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before  12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.

Action-Not Available
Vendor-Hitachi, Ltd.Microsoft Corporation
Product-windowsjp1\/performance_managementJP1/Performance Management - Remote Monitor for Virtual MachineJP1/Performance Management - Agent Option for IBM WebSphere Application ServerJP1/Performance Management - Agent Option for Service ResponseJP1/Performance Management - Agent Option for Virtual MachineJP1/Performance Management - Remote Monitor for Microsoft(R) SQL ServerJP1/Performance Management - Agent Option for PlatformJP1/Performance Management - Agent Option for Enterprise ApplicationsJP1/Performance Management - Agent Option for Application ServerJP1/Performance Management - Agent Option for Microsoft(R) SQL ServerJP1/Performance Management - Agent Option for uCosminexus Application ServerJP1/Performance Management - Remote Monitor for OracleJP1/Performance Management - Agent Option for Microsoft(R) Exchange ServerJP1/Performance Management - BaseJP1/Performance Management - Agent Option for JP1/AJS3JP1/Performance Management - Agent Option for IBM Lotus DominoJP1/Performance Management - Agent Option for OracleJP1/Performance Management - Agent Option for IBM WebSphere MQJP1/Performance Management - Agent Option for DominoJP1/Performance Management - Agent Option for OpenTP1JP1/Performance Management - Agent Option for Microsoft(R) Internet Information ServerJP1/Performance Management - ManagerJP1/Performance Management - Agent Option for Transaction SystemJP1/Performance Management - Remote Monitor for PlatformJP1/Performance Management - Agent Option for HiRDBJP1/Performance Management - Agent Option for Oracle WebLogic Server
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2025-53740
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.50% / 38.90%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-13 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsoffice_long_term_servicing_channelofficeMicrosoft Office LTSC 2024Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Office 2016
CWE ID-CWE-416
Use After Free
CVE-2025-53784
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.43% / 34.04%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 17:10
Updated-13 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2021Microsoft Office LTSC 2024
CWE ID-CWE-416
Use After Free
CVE-2025-53782
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-8.4||HIGH
EPSS-0.33% / 24.25%
||
7 Day CHG~0.00%
Published-14 Oct, 2025 | 17:00
Updated-15 Jun, 2026 | 19:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Elevation of Privilege Vulnerability

Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverexchange_server_subscription_editionMicrosoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server Subscription Edition RTMMicrosoft Exchange Server 2019 Cumulative Update 14Microsoft Exchange Server 2019 Cumulative Update 15
CWE ID-CWE-303
Incorrect Implementation of Authentication Algorithm
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 17
  • 18
  • Next
Details not found