Lucene search
K

26 matches found

CVE
CVE
added 2025/09/09 5:1 p.m.581 views

CVE-2025-53799

CVE-2025-53799 affects the Windows Imaging Component. The vulnerability arises from use of an uninitialized resource in Imaging Component code, enabling local attackers to disclose information. The NCSC entry confirms the impact as Access to sensitive data with a CVSS-like rating around 5.5 (Medi...

5.5CVSS6.1AI score0.0073EPSS
CVE
CVE
added 2021/12/15 2:15 p.m.403 views

CVE-2021-43905

CVE-2021-43905 – Microsoft Office app Remote Code Execution : A vulnerability in the Microsoft Office app on Windows allows remote code execution via a specially crafted Office document. Exploitation requires the victim to open the malicious document (user interaction required) and could lead to ...

9.6CVSS9.5AI score0.02821EPSS
CVE
CVE
added 2025/06/10 5:2 p.m.113 views

CVE-2025-47167

Microsoft Office remote/local code execution vulnerability CVE-2025-47167 arises from an incompatible type (type confusion) when accessing resources, allowing an unauthenticated or authenticated attacker to execute code with the user’s context. Affected products span Office suite components (Word...

8.4CVSS8.4AI score0.00575EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.101 views

CVE-2023-36565

CVE-2023-36565 is a Microsoft Office Graphics elevation-of-privilege vulnerability. Affected are various Office products (e.g., Office 2019/2021, Office for Mac; list from Kaspersky NCSC doc) where the Graphics component can elevate privileges within a local context. Reported root cause is a priv...

7CVSS7AI score0.00417EPSS
CVE
CVE
added 2025/11/11 5:59 p.m.101 views

CVE-2025-60724

Technical details about CVE-2025-60724 are not provided in the supplied documents. Connected KBs discuss OS updates and security fixes but do not specify vulnerable product versions, root cause, exploitation, or patch specifics for this CVE. Monitor for updates.

9.8CVSS6.1AI score0.05793EPSS
CVE
CVE
added 2025/04/08 5:23 p.m.97 views

CVE-2025-26687

CVE-2025-26687 is a use-after-free in Windows Win32K - GRFX that enables a network-based privilege escalation. The affected component is the Win32K GRFX graphics subsystem; the underlying issue is a use-after-free in that path, leading to total impact (CVE-2025-26687 shows a base score of 7.5/10 ...

7.5CVSS7.5AI score0.01071EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.97 views

CVE-2026-41614

CVE-2026-41614 concerns M365 Copilot for Desktop where improper access control enables a local attacker to spoof identities. The available documents identify the affected software (M365 Copilot for Desktop) and the impact as local spoofing due to insufficient access permissions, but do not provid...

6.2CVSS5.8AI score0.00363EPSS
CVE
CVE
added 2025/05/13 4:58 p.m.89 views

CVE-2025-30386

CVE-2025-30386 is a Microsoft Office use-after-free remote-code-execution vulnerability. Public sources (MSRC/MSCVEs) describe it affecting Office components (Excel/PowerPoint/Outlook/SharePoint/Docs) with local exploitation; patching is provided via Office/MSR security updates (e.g., KB5002711) ...

8.4CVSS7.8AI score0.00561EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.86 views

CVE-2026-45463

CVE-2026-45463 describes a heap-based buffer overflow in Microsoft Office that allows an attacker with local access to execute code on the affected system. The sources identify Microsoft Office and classify the flaw as a heap-based overflow with high impact (CVSSv3.1: 8.4, LOCAL access, no user i...

8.4CVSS7.3AI score0.00339EPSS
CVE
CVE
added 2025/05/13 4:59 p.m.84 views

CVE-2025-30388

Technical details about CVE-2025-30388 are not provided in the connected documents. Public information remains limited to the initial description. Monitor for updates from official advisories for affected products, impacts, and remediation.

7.8CVSS8AI score0.03538EPSS
CVE
CVE
added 2025/08/12 5:10 p.m.83 views

CVE-2025-53766

CVE-2025-53766 is a heap-based buffer overflow in Windows GDI+ that enables a remote attacker to execute code over a network. Public details describe the vulnerability as a memory overflow in GDI+ triggered by processing specially crafted metafiles, potentially allowing arbitrary code execution w...

9.8CVSS8AI score0.07178EPSS
CVE
CVE
added 2026/03/13 9:10 p.m.63 views

CVE-2026-26133

CVE-2026-26133 involves an AI command injection vulnerability in Microsoft 365 Copilot that can lead to unauthorized disclosure of information over a network. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N) indicates a network-accessible issue with no privileges required but user intera...

7.1CVSS5.8AI score0.00433EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.60 views

CVE-2026-41100

CVE-2026-41100 describes an improper access control vulnerability in Microsoft 365 Copilot (Android) that allows an authorized attacker to perform local spoofing. The NVD entries consistently flag local attack vector with low attack complexity and low privileges required, resulting in a CVSS v3.1...

4.4CVSS5.8AI score0.00249EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.50 views

CVE-2026-45474

The documents confirm CVE-2026-45474 is a Microsoft Office vulnerability described as a heap-based buffer overflow that allows an unauthenticated/unauthorized attacker to execute code locally on affected systems. Affected product is Microsoft Office, with the root cause identified as a heap-based...

8.4CVSS7.3AI score0.00364EPSS
CVE
CVE
added 2025/08/12 5:10 p.m.47 views

CVE-2025-53732

CVE-2025-53732 is a heap-based buffer overflow in Microsoft Office that enables local code execution. The CVE is rated CVSS 3.1 base score 7.8 (HIGH) with local attack vector, low attack complexity, no privileges required, but user interaction is required; impact to confidentiality, integrity, an...

7.8CVSS8AI score0.00487EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.47 views

CVE-2026-40363

CVE-2026-40363 is a heap-based buffer overflow in Microsoft Office that allows an unauthenticated local attacker to execute code. The vulnerability affects Office components handling user data in local context and is rated high severity (CVSS 3.1: AV:L AC:L PR:N UI:N S:U C:H I:H A:H). A patch is ...

8.4CVSS6.1AI score0.00383EPSS
CVE
CVE
added 2026/03/10 5:5 p.m.43 views

CVE-2026-26110

CVE-2026-26110 is a Microsoft Office remote code execution vulnerability described as a resource access type confusion in Microsoft Office. Connected sources confirm Office-related RCEs and patch activity in the March 2026 Patch Tuesday cycle, with updates addressing multiple Office CVEs (includi...

8.4CVSS5.9AI score0.0049EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.37 views

CVE-2026-45461

CVE-2026-45461 describes a heap-based buffer overflow in Microsoft Office that allows an unauthorized attacker to execute code locally. Documents confirm the vulnerability exists in Microsoft Office and indicate a local attack vector with high impact (C: HIGH, I: HIGH, A: HIGH) and a base score o...

8.4CVSS7.3AI score0.00364EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.36 views

CVE-2026-45472

CVE-2026-45472 is a heap-based buffer overflow in Microsoft Office that allows an unauthorized attacker to execute code locally. The connected sources (NVD, CVE listing) corroborate a local-execution impact due to a heap overflow in Office components. No explicit root-cause details beyond the hea...

8.4CVSS7.3AI score0.00339EPSS
CVE
CVE
added 2025/10/14 5:1 p.m.35 views

CVE-2025-59227

CVE-2025-59227 is a Microsoft Office remote code execution vulnerability described as a use-after-free in Office components that can let an unauthenticated, local attacker execute code. Connected sources corroborate Office-focused impact and indicate multiple Office subsystems are affected, with ...

7.8CVSS7.1AI score0.00477EPSS
CVE
CVE
added 2025/11/11 5:59 p.m.34 views

CVE-2025-62199

CVE-2025-62199 is a Microsoft Office remote code execution/use-after-free vulnerability. The CVE affects multiple Office components (notably Office and Excel) due to a memory-management flaw described as a use-after-free in Office, enabling a locally authenticated attacker to run arbitrary code. ...

7.8CVSS5.8AI score0.00743EPSS
CVE
CVE
added 2026/03/10 5:4 p.m.32 views

CVE-2026-25180

CVE-2026-25180 describes an out-of-bounds read in the Microsoft Graphics Component that can allow an unauthorized local attacker to disclose information. Connected sources (NVD, CVE listing, ENISA/NCSC advisories) confirm the affected component as Microsoft Graphics Component and the impact as lo...

5.5CVSS5.7AI score0.00655EPSS
CVE
CVE
added 2026/03/10 5:5 p.m.30 views

CVE-2026-26134

CVE-2026-26134 is an elevation-of-privilege vulnerability in Microsoft Office resulting from an integer overflow/wraparound in Office components, allowing an authenticated local attacker to elevate privileges. Public sources in the connected documents confirm the impact as local privilege escalat...

7.8CVSS5.8AI score0.00353EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.29 views

CVE-2026-42831

CVE-2026-42831 describes a heap-based buffer overflow in Microsoft Office that allows a local attacker to execute code. The CVSS 3.1 vector indicates local attack with user interaction required, high impact on confidentiality, integrity, and availability. Connected sources confirm the issue but d...

7.8CVSS6.1AI score0.00437EPSS
CVE
CVE
added 2026/03/10 5:4 p.m.26 views

CVE-2026-24285

Technical details about CVE-2026-24285 are not provided in the given documents. Monitor for updates from Microsoft and CVE records for affected products, impact, and mitigations.

7CVSS5.8AI score0.00462EPSS
CVE
CVE
added 2025/10/14 5:0 p.m.24 views

CVE-2025-59234

CVE-2025-59234 is a Microsoft Office remote code execution vulnerability described as a use-after-free in Office components that allows a locally authenticated attacker to execute code. Public details from connected sources confirm Office as the affected product family and cite an exploit path vi...

7.8CVSS7.1AI score0.00563EPSS