Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-40360

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-12 May, 2026 | 16:58
Updated At-15 May, 2026 | 17:12
Rejected At-
Credits

Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:12 May, 2026 | 16:58
Updated At:15 May, 2026 | 17:12
Rejected At:
â–¼CVE Numbering Authority (CNA)
Microsoft Excel Information Disclosure Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft 365 Apps for Enterprise
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 16.0.1 before https://aka.ms/OfficeSecurityReleases (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Excel 2016
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 16.0.0.0 before 16.0.5552.1000 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office 2019
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 19.0.0 before https://aka.ms/OfficeSecurityReleases (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office LTSC 2021
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 16.0.1 before https://aka.ms/OfficeSecurityReleases (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office LTSC 2024
Platforms
  • 32-bit Systems
  • x64-based Systems
Versions
Affected
  • From 16.0.0 before https://aka.ms/OfficeSecurityReleases (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office LTSC for Mac 2021
Versions
Affected
  • From 16.0.1 before 16.109.26051019 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Microsoft Office LTSC for Mac 2024
Versions
Affected
  • From 16.0.0 before 16.109.26051019 (custom)
Vendor
Microsoft CorporationMicrosoft
Product
Office Online Server
Versions
Affected
  • From 16.0.0.0 before 16.0.10417.20128 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-125CWE-125: Out-of-bounds Read
Type: CWE
CWE ID: CWE-125
Description: CWE-125: Out-of-bounds Read
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40360
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40360
Resource:
vendor-advisory
patch
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@microsoft.com
Published At:12 May, 2026 | 18:17
Updated At:12 May, 2026 | 18:17

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-125Primarysecure@microsoft.com
CWE ID: CWE-125
Type: Primary
Source: secure@microsoft.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40360secure@microsoft.com
N/A
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40360
Source: secure@microsoft.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1853Records found
CVE-2024-49028
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.73% / 72.85%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_long_term_servicing_channel365_appsofficeMicrosoft Excel 2016Microsoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2021
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-32707
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.65% / 70.98%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:59
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NTFS Elevation of Privilege Vulnerability

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_server_2016windows_10_1507windows_server_2019windows_10_1607windows_server_2008windows_10_1809Windows Server 2019 (Server Core installation)Windows Server 2012 R2Windows 10 Version 1607Windows Server 2012Windows Server 2016Windows Server 2019Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2016 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-32705
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.74% / 73.09%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:59
Updated-26 Feb, 2026 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsMicrosoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2024
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-30381
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.74% / 73.14%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:58
Updated-13 Feb, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_online_serveroffice_long_term_servicing_channel365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft Excel 2016Office Online ServerMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC 2024
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2026-26156
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 31.97%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 16:57
Updated-12 May, 2026 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Hyper-V Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_10_21h2windows_10_1809windows_11_25h2windows_server_2022windows_server_2025windows_10_1607windows_server_2019windows_11_26h1windows_11_24h2windows_server_2022_23h2windows_server_2016windows_11_23h2Windows Server 2019Windows 11 version 26H1Windows 10 Version 1809Windows 11 version 22H3Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025 (Server Core installation)Windows 11 Version 25H2Windows 10 Version 22H2Windows 10 Version 21H2Windows Server 2016Windows 11 Version 24H2Windows Server 2019 (Server Core installation)Windows Server 2025Windows Server 2022Windows Server 2016 (Server Core installation)Windows 10 Version 1607Windows 11 Version 23H2
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2025-27741
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.21% / 79.14%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NTFS Elevation of Privilege Vulnerability

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_10_1607windows_server_2012windows_server_2008windows_10_1809windows_server_2016windows_server_2019Windows Server 2008 R2 Service Pack 1Windows 10 Version 1607Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-27733
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.21% / 79.14%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NTFS Elevation of Privilege Vulnerability

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_10_1607windows_server_2012windows_server_2008windows_10_1809windows_server_2016windows_server_2019Windows Server 2008 R2 Service Pack 1Windows 10 Version 1607Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-27483
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.21% / 79.14%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:24
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NTFS Elevation of Privilege Vulnerability

Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1607windows_server_2012windows_server_2019windows_10_1809windows_server_2016windows_10_1507Windows 10 Version 1607Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows 10 Version 1507Windows Server 2012 R2Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-30376
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.74% / 73.14%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 16:58
Updated-13 Feb, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_online_serveroffice_long_term_servicing_channel365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft Excel 2016Office Online ServerMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC 2024
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-26642
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.00% / 77.17%
||
7 Day CHG-0.01%
Published-08 Apr, 2025 | 17:23
Updated-13 Feb, 2026 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeoffice_long_term_servicing_channelaccessoffice_online_serverexcelsharepoint_server365_appsMicrosoft Access 2016 (32-bit edition)Microsoft Office LTSC 2024Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft Excel 2016Microsoft SharePoint Server 2019Microsoft Access 2016Office Online ServerMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft Office 2016
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2025-21383
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.34% / 57.00%
||
7 Day CHG~0.00%
Published-11 Feb, 2025 | 17:58
Updated-13 Feb, 2026 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeoffice_long_term_servicing_channelexcelMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC for Mac 2024Microsoft Excel 2016Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Office LTSC 2024
CWE ID-CWE-125
Out-of-bounds Read
CVE-2026-20946
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 13.96%
||
7 Day CHG+0.02%
Published-13 Jan, 2026 | 17:56
Updated-01 Apr, 2026 | 13:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office365_appsoffice_long_term_servicing_channelexcelMicrosoft Office LTSC for Mac 2024Microsoft Excel 2016Microsoft Office LTSC 2024Microsoft Office 2019Microsoft Office LTSC for Mac 2021Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-38210
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.28% / 79.78%
||
7 Day CHG~0.00%
Published-22 Aug, 2024 | 23:04
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-edge_chromiumMicrosoft Edge (Chromium-based)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54898
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.84%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:00
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeoffice_long_term_servicing_channelexcel365_appsoffice_online_serverMicrosoft Excel 2016Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2021Office Online Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-62564
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.21%
||
7 Day CHG~0.00%
Published-09 Dec, 2025 | 17:55
Updated-16 Apr, 2026 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeexceloffice_long_term_servicing_channel365_appsoffice_online_serverMicrosoft Office LTSC for Mac 2024Microsoft Excel 2016Microsoft Office LTSC 2024Microsoft Office 2019Office Online ServerMicrosoft Office LTSC for Mac 2021Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-60727
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.56%
||
7 Day CHG~0.00%
Published-11 Nov, 2025 | 17:59
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channelofficeexceloffice_online_server365_appsMicrosoft Excel 2016Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2021Office Online Server
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-54902
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.11% / 28.84%
||
7 Day CHG~0.00%
Published-09 Sep, 2025 | 17:00
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-excel365_appsoffice_long_term_servicing_channeloffice_online_serverofficeMicrosoft Excel 2016Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2021Office Online Server
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-416
Use After Free
CVE-2023-36766
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.38% / 59.75%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 16:58
Updated-30 Oct, 2025 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Information Disclosure Vulnerability

Microsoft Excel Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channeloffice_online_serverofficeexcel365_appsMicrosoft Excel 2013 Service Pack 1Microsoft 365 Apps for EnterpriseMicrosoft Office Online ServerMicrosoft Office 2019Microsoft Office LTSC 2021Microsoft Office 2019 for MacMicrosoft Office LTSC for Mac 2021Microsoft Excel 2016
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-32029
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-40.33% / 97.39%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 23:25
Updated-04 Nov, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsoffice_online_serverexcelofficeMicrosoft Excel 2013 Service Pack 1Microsoft 365 Apps for EnterpriseMicrosoft Office Online ServerMicrosoft Office 2019Microsoft Office LTSC 2021Microsoft Office 2019 for MacMicrosoft Office LTSC for Mac 2021Microsoft Excel 2016
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-23399
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.35% / 91.78%
||
7 Day CHG~0.00%
Published-14 Mar, 2023 | 16:55
Updated-01 Jan, 2025 | 00:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channeloffice_online_serverofficeexceloffice_web_apps_server365_appsMicrosoft 365 Apps for EnterpriseMicrosoft Excel 2016Microsoft Excel 2013 Service Pack 1Microsoft Office Online ServerMicrosoft Office 2016Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2021Microsoft Office Web Apps Server 2013 Service Pack 1Microsoft Office 2013 Service Pack 1Microsoft Office 2019Microsoft Office 2019 for Mac
CWE ID-CWE-125
Out-of-bounds Read
CVE-2025-49689
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.87% / 75.39%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-26 Feb, 2026 | 18:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability

Integer overflow or wraparound in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_22h2windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_server_2025windows_server_2022windows_10_1607windows_11_23h2windows_10_1809windows_server_2016windows_server_2008windows_10_1507windows_11_22h2Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 10 Version 22H2Windows 11 Version 23H2Windows Server 2012Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2Windows Server 2025 (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2016Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows 11 version 22H3Windows Server 2019Windows 10 Version 1607Windows Server 2022Windows 10 Version 1507Windows Server 2012 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-822
Untrusted Pointer Dereference
CVE-2024-49031
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.81% / 74.39%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft Office 2016Microsoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2021
CWE ID-CWE-126
Buffer Over-read
CVE-2025-47170
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.67% / 71.59%
||
7 Day CHG+0.03%
Published-10 Jun, 2025 | 17:02
Updated-26 Feb, 2026 | 17:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsMicrosoft Office LTSC for Mac 2024Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2024
CWE ID-CWE-416
Use After Free
CVE-2024-49027
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.73% / 72.85%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_long_term_servicing_channel365_appsofficeMicrosoft Excel 2016Microsoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2021
CWE ID-CWE-416
Use After Free
CVE-2024-49032
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.81% / 74.39%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft Office 2016Microsoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2021
CWE ID-CWE-416
Use After Free
CVE-2024-49030
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.73% / 72.85%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_long_term_servicing_channel365_appsofficeMicrosoft Excel 2016Microsoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2021
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-49029
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.83% / 74.80%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_long_term_servicing_channel365_appsofficeMicrosoft Excel 2016Microsoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office LTSC for Mac 2024Microsoft Office LTSC 2024Microsoft Office LTSC for Mac 2021
CWE ID-CWE-908
Use of Uninitialized Resource
CVE-2024-49026
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.81%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channeloffice_online_serverofficeexcel365_appsMicrosoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Office 2019Microsoft Office Online ServerMicrosoft Excel 2016 Click-to-Run (C2R)Microsoft Office LTSC 2024
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2025-47174
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.67% / 71.59%
||
7 Day CHG+0.03%
Published-10 Jun, 2025 | 17:02
Updated-20 Feb, 2026 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office LTSC 2024
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-49079
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.50% / 66.06%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Input Method Editor (IME) Remote Code Execution Vulnerability

Input Method Editor (IME) Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2022_23h2windows_server_2012windows_10_1507windows_11_24h2windows_server_2025windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607windows_11_23h2Windows 10 Version 22H2Windows Server 2012Windows 10 Version 1809Windows 11 version 22H3Windows 11 Version 23H2Windows 10 Version 1607Windows Server 2016Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows Server 2012 R2Windows Server 2012 (Server Core installation)Windows 10 Version 21H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows Server 2022Windows 11 version 22H2Windows Server 2019Windows Server 2012 R2 (Server Core installation)Windows Server 2025Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)
CWE ID-CWE-416
Use After Free
CVE-2024-49142
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.45% / 63.73%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Access Remote Code Execution Vulnerability

Microsoft Access Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-officeaccess365_appsoffice_long_term_servicing_channelMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Access 2016 (64-bit edition)Microsoft Office 2019Microsoft Office LTSC 2024Microsoft Access 2016 (32-bit edition)
CWE ID-CWE-416
Use After Free
CVE-2024-49043
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.41% / 61.48%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:53
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability

Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2016sql_server_2019sql_server_2022sql_server_2017Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2017 (CU 31)Microsoft SQL Server 2019 (CU 29)Microsoft SQL Server 2022 for (CU 15)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2022 (GDR)
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-49021
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.81% / 74.39%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:54
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Remote Code Execution Vulnerability

Microsoft SQL Server Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2016sql_server_2019sql_server_2022sql_server_2017Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2017 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2017 (CU 31)Microsoft SQL Server 2019 (CU 29)Microsoft SQL Server 2022 for (CU 15)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2022 (GDR)
CWE ID-CWE-416
Use After Free
CVE-2024-49069
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.24% / 47.58%
||
7 Day CHG~0.00%
Published-10 Dec, 2024 | 17:49
Updated-13 May, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Excel Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exceloffice_long_term_servicing_channel365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Excel 2016Microsoft Office 2019Microsoft Office LTSC for Mac 2024Microsoft Office LTSC for Mac 2021Microsoft Office LTSC 2024
CWE ID-CWE-416
Use After Free
CVE-2022-47212
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.65% / 82.18%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsMicrosoft 365 Apps for Enterprise
CVE-2022-47213
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.61% / 81.97%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsMicrosoft 365 Apps for Enterprise
CVE-2024-21379
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.53% / 67.33%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 18:02
Updated-09 May, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appswordofficeMicrosoft Office 2019Microsoft 365 Apps for EnterpriseMicrosoft Word 2016Microsoft Office LTSC 2021
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-47211
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.00% / 83.83%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsMicrosoft 365 Apps for Enterprise
CVE-2026-42831
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.06% / 18.10%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:59
Updated-16 May, 2026 | 02:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Remote Code Execution Vulnerability

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-officeMicrosoft Office for AndroidMicrosoft Office LTSC for Mac 2024Microsoft Office LTSC for Mac 2021
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2022-44668
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.70% / 82.47%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Media Remote Code Execution Vulnerability

Windows Media Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2012Windows 10 Version 22H2Windows 10 Version 1507Windows 10 Version 1809Windows Server 2022Windows 11 version 22H2Windows Server 2016 (Server Core installation)Windows 10 Version 20H2Windows Server 2016Windows 10 Version 21H2Windows 10 Version 21H1Windows Server 2012 R2 (Server Core installation)Windows 7 Service Pack 1Windows 11 version 21H2Windows Server 2012 R2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 7Windows Server 2019Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CVE-2022-44666
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-57.15% / 98.17%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-27 Aug, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Contacts Remote Code Execution Vulnerability

Windows Contacts Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2012 R2 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows Server 2008 Service Pack 2Windows 10 Version 20H2Windows Server 2012 (Server Core installation)Windows Server 2008 Service Pack 2Windows Server 2022Windows Server 2016Windows 7Windows Server 2012Windows 10 Version 1809Windows 11 version 22H2Windows 10 Version 21H1Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1507Windows 8.1Windows Server 2016 (Server Core installation)Windows 10 Version 22H2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2019Windows Server 2008 R2 Service Pack 1Windows 7 Service Pack 1Windows Server 2012 R2Windows 10 Version 1607Windows 11 version 21H2
CVE-2022-44695
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.30% / 84.90%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Visio Remote Code Execution Vulnerability

Microsoft Office Visio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visio365_appsofficeMicrosoft Office 2019Microsoft Visio 2013 Service Pack 1Microsoft Office LTSC 2021Microsoft 365 Apps for EnterpriseMicrosoft Visio 2016
CVE-2022-44691
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.01% / 91.56%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-27 Aug, 2025 | 20:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office OneNote Remote Code Execution Vulnerability

Microsoft Office OneNote Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft Office LTSC 2021Microsoft Office 2019Microsoft 365 Apps for Enterprise
CVE-2022-44702
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-9.76% / 93.04%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Terminal Remote Code Execution Vulnerability

Windows Terminal Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11terminalwindows_10Windows Terminal for Windows 11Windows Terminal for Windows 10
CVE-2022-44692
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.30% / 84.90%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft Office 2019 for MacMicrosoft Office LTSC for Mac 2021Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021
CVE-2022-44667
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-1.70% / 82.47%
||
7 Day CHG~0.00%
Published-13 Dec, 2022 | 00:00
Updated-22 Jul, 2025 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Media Remote Code Execution Vulnerability

Windows Media Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_11windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2012Windows 10 Version 22H2Windows 10 Version 1507Windows 10 Version 1809Windows Server 2022Windows 11 version 22H2Windows Server 2016 (Server Core installation)Windows 10 Version 20H2Windows Server 2016Windows 10 Version 21H2Windows 10 Version 21H1Windows Server 2012 R2 (Server Core installation)Windows 7 Service Pack 1Windows 11 version 21H2Windows Server 2012 R2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server 2008 R2 Service Pack 1Windows 7Windows Server 2019Windows Server 2019 (Server Core installation)Windows 10 Version 1607
CVE-2022-41107
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.25% / 84.76%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-02 Jan, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Graphics Remote Code Execution Vulnerability

Microsoft Office Graphics Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeMicrosoft 365 Apps for EnterpriseMicrosoft Office LTSC for Mac 2021Microsoft Office LTSC 2021Microsoft Office 2019Microsoft Office 2019 for Mac
CVE-2022-41119
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.24% / 84.74%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-02 Jan, 2025 | 21:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Remote Code Execution Vulnerability

Visual Studio Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_2019visual_studio_2017visual_studio_2022Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2022 version 17.2Microsoft Visual Studio 2022 version 17.3Microsoft Visual Studio 2022 version 17.0
CVE-2022-41031
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-7.94% / 92.14%
||
7 Day CHG~0.00%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Word Remote Code Execution Vulnerability

Microsoft Word Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-office_long_term_servicing_channel365_appsofficeMicrosoft Office LTSC for Mac 2021Microsoft 365 Apps for EnterpriseMicrosoft Office LTSC 2021Microsoft Office 2019 for Mac
CVE-2026-41611
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.66%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 16:58
Updated-15 May, 2026 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Visual Studio Code Remote Code Execution Vulnerability

Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studio_codeVisual Studio Code
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 37
  • 38
  • Next
Details not found