365 Apps CVE Vulnerabilities

By Microsoft58 known vulnerabilities

Critical
1
High
40
Medium
16
Low
1
None
0

All 365 Apps CVEs

Recent Highest Score Oldest
CVE-2026-40421
4.3 medium

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

May 12, 2026
CVE-2026-40420
8.8 high

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40418
7.8 high

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2026-40367
8.4 high

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40366
8.4 high

Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40362
7.8 high

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40361
8.4 high

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-40358
8.4 high

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

May 12, 2026
CVE-2026-35436
8.8 high

Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.

May 12, 2026
CVE-2025-49696
8.4 high

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

Jul 8, 2025
CVE-2025-49695
8.4 high

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Jul 8, 2025
CVE-2025-47953
8.4 high

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 10, 2025
CVE-2025-47167
8.4 high

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 10, 2025
CVE-2025-47164
8.4 high

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 10, 2025
CVE-2025-47162
8.4 high

Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

Jun 10, 2025
CVE-2025-30386
8.4 high

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

May 13, 2025
CVE-2023-36009
5.5 medium

Microsoft Word Information Disclosure Vulnerability

Dec 12, 2023
CVE-2023-36897
8.1 high

Visual Studio Tools for Office Runtime Spoofing Vulnerability

Aug 8, 2023
CVE-2023-33162
5.5 medium

Microsoft Excel Information Disclosure Vulnerability

Jul 11, 2023
CVE-2023-33161
7.8 high

Microsoft Excel Remote Code Execution Vulnerability

Jul 11, 2023
CVE-2023-33158
7.8 high

Microsoft Excel Remote Code Execution Vulnerability

Jul 11, 2023
CVE-2023-33153
6.8 medium

Microsoft Outlook Remote Code Execution Vulnerability

Jul 11, 2023
CVE-2023-33152
7.0 high

Microsoft ActiveX Remote Code Execution Vulnerability

Jul 11, 2023
CVE-2023-33151
6.5 medium

Microsoft Outlook Spoofing Vulnerability

Jul 11, 2023