Total
465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1641 | 1 Microsoft | 6 Office, Office Compatibility Pack, Office Web Apps and 3 more | 2025-10-22 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2025-59221 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-10-16 | N/A | 7.0 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-59222 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-10-16 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-59232 | 1 Microsoft | 7 365 Apps, Access, Excel and 4 more | 2025-10-16 | N/A | 7.1 HIGH |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-59235 | 1 Microsoft | 7 365 Apps, Access, Excel and 4 more | 2025-10-16 | N/A | 7.1 HIGH |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-54905 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-09-12 | N/A | 7.1 HIGH |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-54906 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-09-12 | N/A | 7.8 HIGH |
| Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-54897 | 1 Microsoft | 1 Sharepoint Server | 2025-09-12 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2020-17122 | 1 Microsoft | 3 Office, Office Web Apps, Sharepoint Server | 2025-08-28 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Excel Remote Code Execution Vulnerability | |||||
| CVE-2020-17121 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-08-28 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Remote Code Execution Vulnerability | |||||
| CVE-2020-17120 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-08-28 | 4.0 MEDIUM | 5.3 MEDIUM |
| Microsoft SharePoint Information Disclosure Vulnerability | |||||
| CVE-2020-17118 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-08-28 | 10.0 HIGH | 8.1 HIGH |
| Microsoft SharePoint Remote Code Execution Vulnerability | |||||
| CVE-2020-17115 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-08-28 | 6.0 MEDIUM | 8.0 HIGH |
| Microsoft SharePoint Server Spoofing Vulnerability | |||||
| CVE-2020-17089 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2025-08-28 | 6.0 MEDIUM | 7.1 HIGH |
| Microsoft SharePoint Elevation of Privilege Vulnerability | |||||
| CVE-2025-53736 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-08-18 | N/A | 6.8 MEDIUM |
| Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||||
| CVE-2025-53733 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-08-18 | N/A | 8.4 HIGH |
| Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-49712 | 1 Microsoft | 1 Sharepoint Server | 2025-08-15 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-53760 | 1 Microsoft | 1 Sharepoint Server | 2025-08-15 | N/A | 7.1 HIGH |
| Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-53771 | 1 Microsoft | 1 Sharepoint Server | 2025-08-14 | N/A | 6.5 MEDIUM |
| Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-49703 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-07-16 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||