365 apps (microsoft) — Vulnerabilities

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-45486HIGH 7.8

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-45485LOW 3.3

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-45469HIGH 7.8

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-45459LOW 3.3

Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-45458HIGH 8.4

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-45457HIGH 7.8

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-45456HIGH 8.4

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-44824HIGH 7.8

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-44822HIGH 8.2

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

CVE-2026-44821MEDIUM 5.5

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

CVE-2026-44820HIGH 7.8

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-44819HIGH 7.8

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-44818HIGH 7.0

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-44817HIGH 7.8

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40421MEDIUM 4.3

External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.

CVE-2026-40420HIGH 8.8

Improper access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

CVE-2026-40419HIGH 7.8

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

CVE-2026-40418HIGH 7.8

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

CVE-2026-40367HIGH 8.4

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40366HIGH 8.4

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40364HIGH 8.4

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40363HIGH 8.4

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-40362HIGH 7.8

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40361HIGH 8.4

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-40360HIGH 7.8

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-40359HIGH 7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-40358HIGH 8.4

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-35440MEDIUM 5.5

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-35436HIGH 8.8

Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally.

CVE-2026-33822MEDIUM 6.1

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

CVE-2026-33115HIGH 8.4

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-33114HIGH 8.4

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-33095HIGH 7.8

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-32200HIGH 7.8

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVE-2026-32199HIGH 7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32198HIGH 7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32197HIGH 7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32190HIGH 8.4

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-32189HIGH 7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-32188HIGH 7.1

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-23657HIGH 7.8

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-26144HIGH 7.5

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

CVE-2026-26113HIGH 8.4

Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-26112HIGH 7.8

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26110HIGH 8.4

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-26109HIGH 8.4

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26108HIGH 7.8

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-26107HIGH 7.8

CVE-2026-21514HIGH 7.8KEV

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-21511HIGH 7.5

Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-21261MEDIUM 5.5

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-21260HIGH 7.5

Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-21259HIGH 7.8

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.

CVE-2026-21258MEDIUM 5.5

CVE-2026-21509HIGH 7.8KEV

Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Jan 26, 2026

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-20957HIGH 7.8

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20956HIGH 7.8

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20955HIGH 7.8

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20953HIGH 8.4

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20952HIGH 8.4

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2026-20950HIGH 7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20949HIGH 7.8

Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-20948HIGH 7.8

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2026-20946HIGH 7.8

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2026-20944HIGH 8.4

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-62564HIGH 7.8

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62563HIGH 7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62562HIGH 7.8

Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

CVE-2025-62561HIGH 7.8

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62560HIGH 7.8

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62559HIGH 7.8

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-62558HIGH 7.8

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-62557HIGH 8.4

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-62556HIGH 7.8

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62555HIGH 7.0

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-62554HIGH 8.4

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-62553HIGH 7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62552HIGH 7.8

Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally.

CVE-2025-62216HIGH 7.8

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-62205HIGH 7.8

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

CVE-2025-62203HIGH 7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62202HIGH 7.1

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2025-62201HIGH 7.8

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62200HIGH 7.8

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-62199HIGH 7.8

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-60728MEDIUM 4.3

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

CVE-2025-60727HIGH 7.8

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-60726HIGH 7.1

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2025-59240MEDIUM 5.5

Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2025-59243HIGH 7.8

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-59238HIGH 7.8

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

CVE-2025-59236HIGH 8.4

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-59235HIGH 7.1

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2025-59234HIGH 7.8

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

CVE-2025-59233HIGH 7.8

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-59232HIGH 7.1

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2025-59231HIGH 7.8

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

CVE-2025-59229MEDIUM 5.5

Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.

CVE-2025-59227HIGH 7.8