CVE-2026-21509

Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally...

PT-2026-4775

Name of the Vulnerable Software and Affected Versions Microsoft Office versions 2016 through 2019 Microsoft Office LTSC versions 2021 through 2024 Microsoft 365 Apps affected versions not specified Description This issue is caused by the reliance on untrusted inputs when making security decisions...

CVE-2025-62202

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally...

CVE-2025-59221

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally...

EUVD-2016-5853

Malware in sbrugna...

EUVD-2018-1343

Malware in sbrugna...

EUVD-2025-17726

Malicious code in bioql PyPI...

EUVD-2022-36675

Malicious code in bioql PyPI...

EUVD-2025-10140

Malicious code in bioql PyPI...

EUVD-2025-2411

Malicious code in bioql PyPI...

EUVD-2022-33518

Malicious code in bioql PyPI...

EUVD-2025-18272

Malicious code in bioql PyPI...

EUVD-2025-18455

Malicious code in bioql PyPI...

EUVD-2025-18271

Malicious code in bioql PyPI...

EUVD-2025-18275

Malicious code in bioql PyPI...

EUVD-2025-18273

Malicious code in bioql PyPI...

Security Updates for Microsoft Office Products (September 2025)

The Microsoft Office Products are missing security updates. They are, therefore, affected by multiple vulnerabilities. - A Remote Code Execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. CVE-2025-54906, CVE-2025-54910 - An...

VulnCheck KEV: CVE-2024-21136

Vulnerability in the Oracle Retail Xstore Office product of Oracle Retail Applications component: Security. Supported versions that are affected are 19.0.5, 20.0.3, 20.0.4, 22.0.0 and 23.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2025-3079

A passback vulnerability which relates to office/small office multifunction printers and laser printers...

CVE-2025-2516

The use of a weak cryptographic key pair in the signature verification process in WPS Office Kingsoft on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate, an...