Lucene search
K
Microsoft365 Apps

499 matches found

CVE
CVE
•added 2023/03/14 4:55 p.m.•1993 views

CVE-2023-23397

CVE-2023-23397 is an Elevation of Privilege in Microsoft Outlook for Windows. Multiple connected sources describe exploitation via Outlook calendar reminders using a UNC path in the MAPI property PidLidReminderFileParameter, causing the victim to contact an attacker-controlled SMB share and leak ...

9.8CVSS8.3AI score0.97408EPSS
In wild
CVE
CVE
•added 2021/11/10 12:47 a.m.•1324 views

CVE-2021-42292

CVE-2021-42292 is a Microsoft Excel Security Feature Bypass vulnerability in Microsoft Excel that enables local privilege bypass (local access required). The vulnerability is documented across multiple feeds, with patched fixes provided by Microsoft via Patch Tuesday advisories. Connected sources...

7.8CVSS7.6AI score0.31949EPSS
In wild
CVE
CVE
•added 2023/06/17 12:29 a.m.•1162 views

CVE-2023-28295

CVE-2023-28295 is a Microsoft Publisher remote code execution vulnerability affecting Publisher components (notably Publisher 2013) with a CVSS v3.1 base score of 7.8 (HIGH) and LOCAL attack vector, requiring user interaction. The issue is addressed by Microsoft security updates (e.g., KB5002213 ...

7.8CVSS7.7AI score0.00742EPSS
CVE
CVE
•added 2021/09/15 11:24 a.m.•1110 views

CVE-2021-38646

CVE-2021-38646 is a Microsoft Office Access Connectivity Engine remote code execution vulnerability. The Nessus plugin confirms it affects Office products via the Access connectivity engine and ties remediation to September 2021 Office security updates (e.g., KB5001958 for Office 2013 and KB50019...

7.8CVSS7.5AI score0.04044EPSS
In wild
CVE
CVE
•added 2024/02/13 6:2 p.m.•1087 views

CVE-2024-21413

Summary of CVE-2024-21413 (Microsoft Outlook / Moniker Link): A vulnerability in Outlook where crafted Moniker Link URLs (often via file:///UNC paths) can trigger an automatic SMB access, potentially leaking the user’s NTLM hash to an attacker. Multiple PoCs on GitHub demonstrate delivering malic...

9.8CVSS9.6AI score0.9466EPSS
In wild
CVE
CVE
•added 2023/02/14 7:33 p.m.•831 views

CVE-2023-21715

CVE-2023-21715 is a Microsoft Publisher security feature bypass vulnerability affecting Microsoft 365 Apps for Enterprise. Exploitation allows a specially crafted document to bypass macro defenses and run code that would normally be blocked by policy; the attack is described as local with authent...

7.3CVSS7.2AI score0.12107EPSS
In wild
CVE
CVE
•added 2023/09/12 4:58 p.m.•811 views

CVE-2023-36761

CVE-2023-36761 is a Microsoft Word information disclosure vulnerability. Connected sources note exploitation in the wild and indicate NTLM relay as a possible attack outcome. Affected products include various Word/Office deployments (Microsoft Word/Office suite). The vulnerability is being tracke...

6.5CVSS6AI score0.18959EPSS
In wild
CVE
CVE
•added 2023/07/11 5:3 p.m.•638 views

CVE-2023-35311

Technical details about CVE-2023-35311 are not publicly available in the provided connected documents. The sources confirm a Microsoft Outlook security feature bypass but do not specify root cause, affected versions, or fixes. Monitor for updates.

8.8CVSS7.9AI score0.15028EPSS
In wild
CVE
CVE
•added 2023/09/12 4:58 p.m.•570 views

CVE-2023-36762

CVE-2023-36762 is a Microsoft Word remote code execution vulnerability. The available documents confirm an impact on Word and related Word components, with an exploit path requiring user interaction and local access (CVSS 3.1: AV=L, AC=L, PR=None, UI=Required, C/H/I/H/A=L). Public details note po...

7.3CVSS7.3AI score0.01017EPSS
CVE
CVE
•added 2024/08/08 8:45 p.m.•542 views

CVE-2024-38200

CVE-2024-38200 affects Microsoft Office (e.g., Office 2019 MSO Build 1808; Microsoft 365 MSO 2403/16.0.17425.20176) where Office URI schemes (eg, ms-word:ofe|u|http://…) trigger automatic NTLM authentication. The underlying issue is the Office URI handling that can fetch remote documents and caus...

9.1CVSS7.5AI score0.19534EPSS
CVE
CVE
•added 2023/09/12 4:58 p.m.•518 views

CVE-2023-36767

CVE-2023-36767 is a Microsoft Office security feature bypass vulnerability (CVSS v3.1 base 4.3, MEDIUM) affecting Office components across platforms. The available connected docs describe the issue as a security feature bypass with impact of circumvention of security measures (Office Excel noted ...

4.3CVSS4.8AI score0.03324EPSS
CVE
CVE
•added 2025/11/11 5:59 p.m.•513 views

CVE-2025-59240

CVE-2025-59240 is an information-disclosure vulnerability in Microsoft Excel (Office) due to improper authorization validation that can allow a local attacker to obtain sensitive data. Connected sources confirm impact across Microsoft Excel products (including various Office/Excel editions and 20...

5.5CVSS5AI score0.00558EPSS
CVE
CVE
•added 2023/09/12 4:58 p.m.•509 views

CVE-2023-36763

CVE-2023-36763 is a Microsoft Outlook information disclosure vulnerability. Public documentation identifies it as affecting Outlook 2016 (KB5002499) and related Office/Outlook components; severity is high (CVSSv3.1: 7.5, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The vulnerability orig...

7.5CVSS7.2AI score0.01908EPSS
CVE
CVE
•added 2026/01/26 5:6 p.m.•505 views

CVE-2026-21509

CVE-2026-21509 is a Microsoft Office security feature bypass triggered by reliance on untrusted inputs in a security decision, enabling a local attacker to bypass OLE protections after a user opens a crafted document. Affected products include Office 2016, 2019, LTSC 2021/2024 and Microsoft 365 A...

7.8CVSS5.9AI score0.72152EPSS
In wild
CVE
CVE
•added 2023/09/12 4:58 p.m.•470 views

CVE-2023-36766

CVE-2023-36766 is a Microsoft Excel information-disclosure vulnerability, affecting Excel/Office components. The vulnerability enables information disclosure with a local attack surface and requires user interaction. Public details in connected documents confirm affected products (Microsoft Excel...

7.8CVSS6AI score0.01487EPSS
CVE
CVE
•added 2025/11/11 5:59 p.m.•465 views

CVE-2025-60728

Microsoft Excel (Office) contains an information-disclosure vulnerability: untrusted pointer dereference in Excel could disclose sensitive data over a network (CVE-2025-60728). Exploitation requires network access and user interaction. The provided documents show a Medium-severity CVSS/impact, an...

4.3CVSS5AI score0.00678EPSS
CVE
CVE
•added 2023/09/12 4:58 p.m.•451 views

CVE-2023-41764

CVE-2023-41764 is a Microsoft Office spoofing vulnerability. The connected sources confirm the issue affects Office suites on MSI-based installations (Office 2016) and is addressed by accompanying security updates: KB5002498 (Office 2016, MSI) and related advisories for older Office versions (KB5...

5.5CVSS5.6AI score0.0119EPSS
CVE
CVE
•added 2023/06/17 12:29 a.m.•320 views

CVE-2023-28287

CVE-2023-28287 is a Microsoft Publisher Remote Code Execution vulnerability affecting Publisher 2013. The public details in the provided documents indicate exploitation could yield a high-impact breach if a user opens a malicious Publisher file, with a CVSS base score of 7.8 (HIGH) and a Local, l...

7.8CVSS7.7AI score0.00742EPSS
CVE
CVE
•added 2024/02/13 6:2 p.m.•304 views

CVE-2024-21378

The connected document describes a GitHub exploit example for CVE-2024-21378 targeting Microsoft Outlook via Exchange Online. It claims to execute arbitrary code by delivering a malicious COM DLL embedded in a form attachment, loaded into the Outlook process after user interaction in the thick cl...

8.8CVSS7.8AI score0.11064EPSS
CVE
CVE
•added 2024/08/13 5:30 p.m.•293 views

CVE-2024-38189

CVE-2024-38189 is a remote code execution vulnerability in Microsoft Project. The CVE description and CNNVD/MSRC references indicate an input validation error in Microsoft Project that can allow remote code execution, with a CVSS v3.1 base score of 8.8 (HIGH) and exploitability requiring user int...

8.8CVSS8.9AI score0.07871EPSS
In wild
CVE
CVE
•added 2024/11/12 5:54 p.m.•285 views

CVE-2024-49033

CVE-2024-49033 – Microsoft Word Security Feature Bypass : A security feature bypass in Word (Office) that can lead to high-impact exposure. The CVSSv3.1 base score is 7.5 (Network, High difficulty, User interaction required). Microsoft has released a security update (KB5002619) for Word 2016 via ...

7.5CVSS7.4AI score0.02072EPSS
CVE
CVE
•added 2020/10/16 12:0 a.m.•279 views

CVE-2020-16947

CVE-2020-16947 refers to a remote code execution vulnerability in Microsoft Outlook caused by improper handling of objects in memory. The issue can allow arbitrary code execution in the context of the targeted user, with higher impact if the user account has administrative rights. Exploitation re...

9.3CVSS9.1AI score0.33551EPSS
CVE
CVE
•added 2022/10/11 12:0 a.m.•279 views

CVE-2022-38048

CVE-2022-38048 — Microsoft Office Remote Code Execution is documented as an Office remote code execution vulnerability. Public sources in the provided documents identify Office components as affected and indicate that exploitation could result in executing arbitrary code on the user’s system. Mic...

7.8CVSS7.8AI score0.01509EPSS
CVE
CVE
•added 2023/08/08 5:8 p.m.•274 views

CVE-2023-36897

CVE-2023-36897 is a spoofing vulnerability in the Visual Studio Tools for Office (VSTO) Runtime. It can allow impersonation of another user and is tied to Office/VSTO deployments. Evidence from multiple sources (MSRC/KB5029497, Nessus plugin, NCSC advisory) indicates the issue affects VSTO runtim...

8.1CVSS7AI score0.01603EPSS
CVE
CVE
•added 2022/03/09 5:7 p.m.•265 views

CVE-2022-24462

CVE-2022-24462 is a Microsoft Word/Office vulnerability described as a Security Feature Bypass. Connected sources also reference CVE-2022-24511 (Word tampering) affecting Word/Office products; several NesĀ­sus plugins list Word and Office components, with March 2022 updates addressing multiple Off...

5.5CVSS5.6AI score0.01895EPSS
CVE
CVE
•added 2025/02/11 5:58 p.m.•264 views

CVE-2025-21381

CVE-2025-21381 is a Microsoft Excel remote code execution vulnerability affecting Excel 2016 (KB5002687) and related Office Excel components. Public references indicate an RCE path via Excel, with the initial entry listing Excel as the affected product and the security update KB5002687 fixing it....

7.8CVSS7.9AI score0.01072EPSS
CVE
CVE
•added 2024/01/09 5:56 p.m.•260 views

CVE-2024-20677

CVE-2024-20677 is a Microsoft Office RCE vulnerability tied to inserting FBX 3D files. MS mitigation disables the FBX insertion feature in Word, Excel, PowerPoint and Outlook on Windows and Mac; affected Office versions (Office 2019, 2021, Office LTSC for Mac 2021, Microsoft 365) lose the ability...

7.8CVSS7.8AI score0.0326EPSS
CVE
CVE
•added 2022/03/09 5:8 p.m.•257 views

CVE-2022-24510

CVE-2022-24510 affects Microsoft Office Visio and is described as a remote code execution vulnerability. NVD reports base scores of 6.8 (CVSS2.0) and 7.8 (CVSS3.1) with impact on confidentiality, integrity, and availability. The CVSS3.1 vector indicates a local exploit with user interaction requi...

7.8CVSS7.8AI score0.02847EPSS
CVE
CVE
•added 2024/02/13 6:2 p.m.•252 views

CVE-2024-21379

CVE-2024-21379 is a Microsoft Word remote code execution vulnerability. The entry concerns Word (notably Word 2016) and is documented with a CVSS v3.1 base score of 7.8 (High) with a local attack vector, low attack complexity, and requiring user interaction; impact is high on confidentiality, int...

7.8CVSS7.8AI score0.01719EPSS
CVE
CVE
•added 2023/03/14 4:55 p.m.•251 views

CVE-2023-23399

The CVE-2023-23399 vulnerability affects Microsoft Excel (Office/Excel) and is described as a remote code execution vulnerability. Exploit-DB reports a case for Microsoft Excel 365 MSO (64-bit) v2302 build 16.0.16130.20186 with RCE via a specially crafted file, illustrating a crafted-file attack ...

7.8CVSS7.8AI score0.02532EPSS
CVE
CVE
•added 2024/03/12 4:57 p.m.•246 views

CVE-2024-26199

CVE-2024-26199 is an Office elevation-of-privilege vulnerability affecting Microsoft Office products (notably Office in Office 365/Click-to-Run and related Office components). Descriptions in multiple sources indicate a privilege-escalation flaw that could grant SYSTEM-level privileges; CVSSv3.1 ...

7.8CVSS7.6AI score0.01165EPSS
CVE
CVE
•added 2022/08/09 7:55 p.m.•242 views

CVE-2022-34717

CVE-2022-34717 is a Microsoft Office remote code execution vulnerability with impact on Office products such as 2013/2016 and Office 365 (Click-to-Run). The CVSSv3.1 base vector is NETWORK, with HIGH impact on confidentiality, integrity, and availability; attacker needs user interaction. The root...

8.8CVSS8.7AI score0.01595EPSS
CVE
CVE
•added 2022/03/09 5:8 p.m.•235 views

CVE-2022-24511

Technical details about CVE-2022-24511 are not publicly provided in the connected documents. Monitor for updates from official advisories.

5.5CVSS5.6AI score0.00999EPSS
CVE
CVE
•added 2021/05/11 7:11 p.m.•233 views

CVE-2021-28455

Technical details about CVE-2021-28455 (affected components, root cause, impact, and fixes) are not publicly provided in the supplied documents; monitor for updates.

8.8CVSS9.3AI score0.0212EPSS
CVE
CVE
•added 2022/03/09 5:7 p.m.•225 views

CVE-2022-24461

CVE-2022-24461 affects Microsoft Office Visio, with a boundary/EMF processing flaw in EMR_COMMENT_EMFPLUS records that allows remote code execution. Public metadata reports a high-severity impact (CVSSv3.1: Local, Low/None Privilege, UI Required, with High Confidentiality, Integrity, and Availabi...

7.8CVSS7.8AI score0.02847EPSS
CVE
CVE
•added 2024/02/13 6:2 p.m.•223 views

CVE-2024-21384

CVE-2024-21384 refers to a remote code execution vulnerability in Microsoft Office OneNote. Multiple sources (NVD/CNVD) describe an attacker abusing OneNote to run arbitrary code on a vulnerable system, with the documented impact of full code execution. The CVSS v3.1 vector in the initial documen...

7.8CVSS8.2AI score0.00849EPSS
CVE
CVE
•added 2022/04/15 7:5 p.m.•222 views

CVE-2022-26901

Technical details are not provided in the supplied documents. No affected products, versions, root cause, impact, or fixes are listed here. Monitor official advisories for updates.

7.8CVSS7.8AI score0.02583EPSS
CVE
CVE
•added 2021/06/08 10:46 p.m.•221 views

CVE-2021-31941

CVE-2021-31941 is described as a Microsoft Office Graphics Remote Code Execution vulnerability. Public records show it as HIGH severity (CVSS3.1 base 7.8) with a LOCAL attack vector and user interaction required; the OpenVAS/Nessus entries reference Microsoft Office Graphics/RCE across various Of...

7.8CVSS7.6AI score0.02928EPSS
CVE
CVE
•added 2022/06/15 9:52 p.m.•220 views

CVE-2022-30174

CVE-2022-30174 is a Microsoft Office Remote Code Execution vulnerability. Public records (NVD, MSRC, and related feeds) describe it as affecting Microsoft Office/Office components (e.g., Excel, SharePoint) with a root cause leading to arbitrary code execution. The CVSSv3.1 assessment (vector CVSS...

7.8CVSS7.9AI score0.03278EPSS
CVE
CVE
•added 2022/07/12 10:37 p.m.•220 views

CVE-2022-33632

CVE-2022-33632 is a Microsoft Office security feature bypass vulnerability affecting Office variants (e.g., 2013/2016 and Click-to-Run Office 365). Root cause: bypass of security features in Office; impact per CVSS indicates high integrity impact but no confidentiality/availability impact, with l...

4.7CVSS4.9AI score0.00923EPSS
CVE
CVE
•added 2023/06/05 6:26 p.m.•220 views

CVE-2023-29344

CVE-2023-29344 is Microsoft Office Remote Code Execution vulnerability affecting multiple Office products (e.g., Word, Excel, Office suite components) with CVSS v3.1 base score 7.8 (HIGH). The linked sources indicate a "Remote Code Execution" issue and, in the NCSC advisory, list CVE-2023-29344 u...

7.8CVSS7.7AI score0.00922EPSS
CVE
CVE
•added 2022/02/09 4:36 p.m.•219 views

CVE-2022-22003

CVE-2022-22003 : Microsoft Office Graphics Remote Code Execution Vulnerability. The connected Nessus/NASL data indicate this vulnerability allows execution of arbitrary code via a crafted Office Graphics file, requiring a local user to open a malicious file. Remediation is documented in Microsoft...

7.8CVSS7.8AI score0.02491EPSS
CVE
CVE
•added 2023/05/09 5:3 p.m.•219 views

CVE-2023-24953

CVE-2023-24953 corresponds to a Microsoft Excel remote code execution vulnerability. Public documents describe impact as the ability to execute arbitrary code in Excel, enabling local or user-initiated exploitation. The vulnerability is addressed by Microsoft security updates for Excel (e.g., KB5...

7.8CVSS7.8AI score0.00705EPSS
CVE
CVE
•added 2021/11/10 12:46 a.m.•218 views

CVE-2021-40442

CVE-2021-40442 is a Microsoft Excel remote code execution vulnerability. The connected Nessus/NVIDIA sources reiterate that Excel can be exploited to run arbitrary code (RCE) on the target, with exploitation possible via Microsoft Excel/Office components. The vulnerability is addressed by Microso...

7.8CVSS7.6AI score0.0207EPSS
CVE
CVE
•added 2023/05/09 5:3 p.m.•215 views

CVE-2023-29335

CVE-2023-29335 – Microsoft Word Security Feature Bypass Vulnerability is documented with concrete remediation in Microsoft Word updates. Affected product: Word (Office). The issue is a security feature bypass (not a traditional memory/remote-code-exec hole) and has a CVSSv3.1 base score of 7.5 (N...

7.5CVSS7.4AI score0.01164EPSS
CVE
CVE
•added 2023/04/11 7:14 p.m.•211 views

CVE-2023-28311

CVE-2023-28311 affects Microsoft Word and enables local remote code execution when a user opens a specially crafted Word file. Exploitation requires user interaction (opening a file) and the attack is carried out locally via social engineering. Publicly available details indicate there are public...

7.8CVSS7.8AI score0.02719EPSS
CVE
CVE
•added 2022/03/09 5:8 p.m.•207 views

CVE-2022-24509

CVE-2022-24509 affects Microsoft Office Visio and is described as a Remote Code Execution Vulnerability. The NVD entry lists a CVSSv3.1 base score of 7.8 (HIGH) with local attack vector, user interaction required, and high impact on confidentiality, integrity, and availability; CVSSv2 indicates b...

7.8CVSS7.8AI score0.02847EPSS
CVE
CVE
•added 2021/07/14 5:54 p.m.•206 views

CVE-2021-34501

CVE-2021-34501 is described as a Microsoft Excel remote code execution vulnerability. Connected materials identify affected products as Excel in multiple Office suites (including 2013/2016 and Office Online Server variants) and indicate that exploitation could allow remote code execution. Public ...

8.8CVSS7.8AI score0.53178EPSS
CVE
CVE
•added 2021/07/16 8:19 p.m.•203 views

CVE-2021-34452

CVE-2021-34452 is a Microsoft Word remote code execution vulnerability affecting Word/Office components. Documented CVSSv3.1 score 7.8 HIGH with LOCAL attack vector, LOW complexity, NONE privileges, UI interaction required, and HIGH confidentiality/integrity/availability impacts. The vulnerabilit...

7.8CVSS7.8AI score0.02037EPSS
CVE
CVE
•added 2020/07/14 10:54 p.m.•201 views

CVE-2020-1446

The CVE-2020-1446 entry describes a remote code execution vulnerability in Microsoft Word arising from improper handling of memory objects. The vulnerability affects Microsoft Word and allows an attacker to craft a file that, when opened by a user, could execute actions in the security context of...

8.8CVSS8.8AI score0.11278EPSS
Total number of security vulnerabilities499