Search Results (319 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-40361 1 Microsoft 10 365 Apps, Office, Office 2019 and 7 more 2026-06-03 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40367 1 Microsoft 13 365 Apps, Office, Office 2019 and 10 more 2026-06-01 8.4 High
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40421 1 Microsoft 8 365 Apps, Office, Office 2019 and 5 more 2026-06-01 4.3 Medium
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-40366 1 Microsoft 10 365 Apps, Office, Office 2019 and 7 more 2026-06-01 8.4 High
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2023-33150 1 Microsoft 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more 2026-05-19 9.6 Critical
Microsoft Office Security Feature Bypass Vulnerability
CVE-2022-41103 1 Microsoft 8 365 Apps, Office, Office Long Term Servicing Channel and 5 more 2026-05-19 5.5 Medium
Microsoft Word Information Disclosure Vulnerability
CVE-2022-41060 1 Microsoft 8 365 Apps, Office, Office Long Term Servicing Channel and 5 more 2026-05-19 5.5 Medium
Microsoft Word Information Disclosure Vulnerability
CVE-2024-20673 1 Microsoft 8 Excel, Office, Office Long Term Servicing Channel and 5 more 2026-05-19 7.8 High
Microsoft Office Remote Code Execution Vulnerability
CVE-2022-41061 1 Microsoft 8 365 Apps, Office, Office Long Term Servicing Channel and 5 more 2026-05-19 7.8 High
Microsoft Word Remote Code Execution Vulnerability
CVE-2022-29107 1 Microsoft 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more 2026-05-19 5.5 Medium
Microsoft Office Security Feature Bypass Vulnerability
CVE-2026-42832 1 Microsoft 8 Excel, Excel For Android, Office and 5 more 2026-05-19 7.7 High
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
CVE-2022-24511 1 Microsoft 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more 2026-05-19 5.5 Medium
Microsoft Office Word Tampering Vulnerability
CVE-2023-29335 1 Microsoft 16 365 Apps, Office, Office Long Term Servicing Channel and 13 more 2026-05-19 7.5 High
Microsoft Word Security Feature Bypass Vulnerability
CVE-2026-35440 1 Microsoft 8 365 Apps, Office, Office 2019 and 5 more 2026-05-19 5.5 Medium
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-40364 1 Microsoft 10 365 Apps, Office, Office 2019 and 7 more 2026-05-19 8.4 High
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-41101 1 Microsoft 2 Word, Word For Android 2026-05-16 7.1 High
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
CVE-2006-6561 1 Microsoft 4 Office, Word, Word Viewer and 1 more 2026-04-23 N/A
Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
CVE-2009-2501 1 Microsoft 27 .net Framework, Excel Viewer, Expression Web and 24 more 2026-04-23 N/A
Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
CVE-2009-2506 1 Microsoft 7 Office Converter Pack, Office Word, Windows 2000 and 4 more 2026-04-23 N/A
Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; Works 8.5; Office Converter Pack; and WordPad in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a DOC file with an invalid number of property names in the DocumentSummaryInformation stream, which triggers a heap-based buffer overflow.
CVE-2009-2504 1 Microsoft 27 .net Framework, Excel Viewer, Expression Web and 24 more 2026-04-23 N/A
Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."