Skip to main content

Excel

260 CVEs product

Monthly

CVE-2026-45649 HIGH This Week

Local spoofing in Microsoft Office for Android lets an unauthorized attacker manipulate trust-affecting content or identity indicators after a user interacts with malicious input on the device. The CVSS 7.1 score reflects high confidentiality and integrity impact with no special privileges required, though the local attack vector and required user interaction limit remote exploitability. No public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Authentication Bypass Google Microsoft Excel Powerpoint +1
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-45469 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel results from an integer underflow (CWE-122 heap-based) that allows an unauthorized attacker to run arbitrary code in the context of the user opening a crafted spreadsheet. The CVSS 7.8 score reflects local attack vector with required user interaction, and no public exploit identified at time of analysis. Microsoft (secure@microsoft.com) is the originating CNA, and the issue is tagged as a buffer/heap overflow class flaw.

Heap Overflow Microsoft Buffer Overflow 365 Apps Excel +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45455 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Excel exposes limited memory contents to a local attacker when a user opens a specially crafted workbook. Affected product lines span Excel 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, Office Online Server, and multiple Mac variants. With a CVSS score of 3.3 (Low), no public exploit identified at time of analysis, and no CISA KEV listing, this is a low-urgency information disclosure issue - though a notable conflict exists between the description's claim of network-based disclosure and the CVSS AV:L (local) vector that warrants verification against the vendor advisory.

Information Disclosure Microsoft Buffer Overflow 365 Apps Excel +5
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-44823 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel stems from an integer underflow that, when triggered by opening a crafted spreadsheet, allows an attacker to run arbitrary code in the context of the current user. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) confirms exploitation requires the victim to open a malicious file, and there is no public exploit identified at time of analysis. With a base score of 7.8 and full confidentiality, integrity, and availability impact, successful exploitation effectively gives the attacker the victim's privileges on the host.

Authentication Bypass Microsoft 365 Apps Excel Microsoft 365 +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2026-44822 HIGH PATCH This Week

Information disclosure in Microsoft Office Excel allows remote unauthenticated attackers to read out-of-bounds memory over a network, potentially exposing sensitive data from process memory. The CVSS 8.2 score reflects high confidentiality impact with no authentication or user interaction required per the CVSS vector. No public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.

Information Disclosure Microsoft Buffer Overflow 365 Apps Excel +5
NVD VulDB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-44820 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel stems from an integer underflow condition that can be triggered when a victim opens a malicious spreadsheet, leading to out-of-bounds memory access (CWE-125). The flaw requires user interaction but no prior authentication on the target, and no public exploit identified at time of analysis. With a CVSS of 7.8 (high) and the typical phishing-friendly delivery model of Office files, this fits the profile of a document-based client-side RCE primitive.

Information Disclosure Microsoft Buffer Overflow 365 Apps Excel +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44818 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel can be achieved by an unauthenticated attacker who tricks a user into opening a malicious spreadsheet that triggers an integer underflow condition. The flaw carries a CVSS 7.0 rating reflecting high attack complexity and required user interaction, and no public exploit identified at time of analysis. There is a notable mismatch between the description (integer underflow) and the assigned CWE-362 (race condition), which warrants verification with Microsoft's advisory.

Authentication Bypass Microsoft Race Condition 365 Apps Excel +5
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-44817 HIGH PATCH This Week

Local code execution in Microsoft Office Excel arises from an integer underflow condition that corrupts memory when a malicious spreadsheet is opened. The flaw requires user interaction (UI:R) to trigger but needs no prior authentication, enabling attackers to run arbitrary code in the security context of the victim user. At the time of analysis, no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Authentication Bypass Memory Corruption 365 Apps Excel +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44812 HIGH PATCH NEWS Exploit Likely Act Now

Local code execution in Microsoft Windows Win32K GRFX (graphics) subsystem allows an attacker with low-privilege local access to run arbitrary code by triggering an integer overflow, after coaxing a user into interacting with a crafted graphics object. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, though Win32K bugs historically attract rapid exploit development for privilege escalation in post-compromise chains.

Microsoft Integer Overflow Buffer Overflow Excel Powerpoint +14
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44803 HIGH PATCH NEWS Exploit Likely Act Now

Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to run code locally to escalate privileges through an integer overflow. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8, but requires user interaction (UI:R) and local access (AV:L), and no public exploit identified at time of analysis.

Microsoft Integer Overflow Buffer Overflow Excel Powerpoint +14
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26112 HIGH PATCH This Week

Microsoft Excel and Office products are vulnerable to local code execution through unsafe pointer dereferencing, requiring user interaction to trigger. An attacker with local access can exploit this flaw to achieve arbitrary code execution with full system privileges. No patch is currently available, leaving users of affected Office versions at risk.

Microsoft Authentication Bypass Office Online Server Excel Office +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26109 HIGH PATCH This Week

Arbitrary code execution in Microsoft Office Excel and related products (Office Online Server, 365 Apps) via out-of-bounds memory read allows local attackers to achieve complete system compromise without requiring user interaction or elevated privileges. This high-severity vulnerability affects multiple Microsoft Office components and currently lacks a security patch. An attacker with local access can exploit memory corruption to execute malicious code with full system permissions.

Microsoft Information Disclosure Buffer Overflow Office Online Server 365 Apps +3
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-26108 HIGH PATCH This Week

Heap buffer overflow in Microsoft Office Excel enables local code execution with high integrity and confidentiality impact affecting Office, Office Online Server, and 365 Apps. An attacker with user interaction can achieve arbitrary code execution in the context of the affected application. No patch is currently available for this vulnerability.

Microsoft Buffer Overflow Heap Overflow Office Office Online Server +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-26107 HIGH PATCH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Microsoft Use After Free Denial Of Service Memory Corruption Office Long Term Servicing Channel +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-21261 MEDIUM PATCH This Month

Information disclosure in Microsoft Office Excel and related products results from an out-of-bounds read vulnerability that requires local access and user interaction to exploit. An attacker can leverage this flaw to read sensitive data from memory on an affected system. No patch is currently available for this vulnerability affecting Office Long Term Servicing Channel, 365 Apps, and Office Online Server.

Microsoft Office Long Term Servicing Channel 365 Apps Office Online Server Office +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-21259 HIGH PATCH This Week

Privilege escalation in Microsoft Office Excel (including 365 Apps and Long Term Servicing Channel) via heap-based buffer overflow allows local attackers with user interaction to gain elevated system privileges. The vulnerability affects multiple Office product lines and currently lacks a security patch. With a CVSS score of 7.8, this poses a significant risk to organizations using affected Excel versions.

Microsoft Buffer Overflow Heap Overflow Office Long Term Servicing Channel 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-21258 MEDIUM PATCH This Month

Information disclosure in Microsoft Excel allows local attackers with user interaction to read sensitive data through improper input validation in Office 365 Apps and Long Term Servicing Channel. An attacker must socially engineer a user into opening a specially crafted file to trigger the vulnerability. No patch is currently available for this medium-severity issue.

Microsoft Office 365 Apps Office Long Term Servicing Channel Excel +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-20957 HIGH PATCH This Week

Arbitrary code execution in Microsoft Office Excel results from an integer underflow vulnerability in the Long Term Servicing Channel and Online Server editions, exploitable by local attackers with user interaction. This HIGH severity flaw (CVSS 7.8) grants full system compromise capabilities including code execution, data theft, and service disruption with no available patch.

Microsoft Integer Overflow Office Long Term Servicing Channel Office Online Server Excel +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-20950 HIGH PATCH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Microsoft Use After Free Excel Office Online Server 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20946 HIGH PATCH This Week

Local code execution in Microsoft Office Excel occurs through an out-of-bounds memory read vulnerability affecting the Long Term Servicing Channel, Office 365 Apps, and standalone Office installations. An attacker with local access and user interaction can exploit this flaw to achieve arbitrary code execution with full system privileges. No patch is currently available for this high-severity vulnerability.

Microsoft Office Long Term Servicing Channel 365 Apps Office Excel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-62203 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-62202 HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-62201 HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-62200 HIGH This Month

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-62199 HIGH This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Microsoft Use After Free 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-60727 HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-60726 HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-59240 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft 365 Apps Excel Office +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-54904 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54903 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54902 HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54901 MEDIUM This Month

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft 365 Apps Excel Office +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-54900 HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54899 HIGH This Month

Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft 365 Apps Excel Office +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54898 HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54896 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53741 HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53739 HIGH This Month

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Authentication Bypass Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-53737 HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-53735 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49711 HIGH PATCH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption Denial Of Service Office +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-48812 MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow Excel 365 Apps +3
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-47165 HIGH POC PATCH This Week

Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). An attacker with local access can trigger the vulnerability through user interaction (opening a malicious file) to execute arbitrary code with the privileges of the Excel process, potentially achieving full system compromise. No KEV status, active exploitation data, or public POC availability was confirmed in the provided dataset, but the high CVSS score and local attack vector indicate this requires prompt patching.

Use After Free Microsoft Windows RCE Excel +4
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2025-32704 HIGH This Week

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow 365 Apps Excel Office +1
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2025-30383 HIGH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-30381 HIGH This Week

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-30379 HIGH This Week

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-30377 HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +4
NVD
CVSS 3.1
8.4
EPSS
0.7%
CVE-2025-30376 HIGH This Week

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-30375 HIGH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-29979 HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-29977 HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-27751 HIGH POC This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +4
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.2%
CVE-2025-27750 HIGH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-26642 HIGH This Week

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow 365 Apps Access +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-21394 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21390 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Buffer Overflow Heap Overflow RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21387 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-21386 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft RCE 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21383 HIGH PATCH This Week

Microsoft Excel Information Disclosure Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Microsoft Buffer Overflow 365 Apps Excel +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21381 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-21362 HIGH PATCH CERT-EU This Month

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Microsoft Memory Corruption Use After Free RCE 365 Apps +4
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2024-43106 CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack Microsoft Excel
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2024-49069 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Microsoft RCE Memory Corruption 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2024-49030 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-49029 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft 365 Apps Excel Office +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-49028 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure RCE Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-49027 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-49026 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2024-43504 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
6.1%
CVE-2024-43465 HIGH PATCH This Week

Microsoft Excel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Microsoft Memory Corruption 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2024-30042 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2024-20673 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Excel Office Office Long Term Servicing Channel +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-36041 HIGH POC PATCH THREAT This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free RCE Memory Corruption Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
56.7%
CVE-2023-36037 HIGH PATCH This Week

Microsoft Excel Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft 365 Apps Excel Office +1
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2023-36766 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2023-33133 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
44.0%
CVE-2023-32029 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
53.5%
CVE-2023-24953 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-23399 HIGH POC PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Information Disclosure Microsoft 365 Apps +5
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.5%
CVE-2023-23398 HIGH PATCH This Week

Microsoft Excel Spoofing Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Microsoft Authentication Bypass 365 Apps Excel Office +1
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2022-41106 HIGH Act Now

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.6% and no vendor patch available.

Microsoft RCE 365 Apps Excel Office +3
NVD VulDB
CVSS 3.1
8.8
EPSS
17.6%
CVE-2022-41104 MEDIUM This Month

Microsoft Excel Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass 365 Apps Excel Office +1
NVD VulDB
CVSS 3.1
5.5
EPSS
2.5%
CVE-2022-41063 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Excel Office +3
NVD VulDB
CVSS 3.1
7.8
EPSS
2.3%
CVE-2022-33631 HIGH This Week

Microsoft Excel Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass 365 Apps Excel Office +1
NVD
CVSS 3.1
7.3
EPSS
0.8%
CVE-2022-30173 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Excel Office Web Apps Server
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2022-29110 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Excel Office Web Apps Server
NVD
CVSS 3.1
7.8
EPSS
3.6%
CVE-2022-26903 HIGH This Week

Windows Graphics Component Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Excel Excel Mobile Powerpoint +13
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2022-26901 HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps Excel Excel Rt +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-21840 HIGH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Excel Office Office Long Term Servicing Channel +4
NVD VulDB
CVSS 3.1
8.8
EPSS
9.5%
EPSS 0% CVSS 7.1
HIGH This Week

Local spoofing in Microsoft Office for Android lets an unauthorized attacker manipulate trust-affecting content or identity indicators after a user interacts with malicious input on the device. The CVSS 7.1 score reflects high confidentiality and integrity impact with no special privileges required, though the local attack vector and required user interaction limit remote exploitability. No public exploit identified at time of analysis and the issue is not on the CISA KEV list.

Authentication Bypass Google Microsoft +3
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel results from an integer underflow (CWE-122 heap-based) that allows an unauthorized attacker to run arbitrary code in the context of the user opening a crafted spreadsheet. The CVSS 7.8 score reflects local attack vector with required user interaction, and no public exploit identified at time of analysis. Microsoft (secure@microsoft.com) is the originating CNA, and the issue is tagged as a buffer/heap overflow class flaw.

Heap Overflow Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Excel exposes limited memory contents to a local attacker when a user opens a specially crafted workbook. Affected product lines span Excel 2016, Office 2019, Office LTSC 2021/2024, Microsoft 365 Apps for Enterprise, Office Online Server, and multiple Mac variants. With a CVSS score of 3.3 (Low), no public exploit identified at time of analysis, and no CISA KEV listing, this is a low-urgency information disclosure issue - though a notable conflict exists between the description's claim of network-based disclosure and the CVSS AV:L (local) vector that warrants verification against the vendor advisory.

Information Disclosure Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel stems from an integer underflow that, when triggered by opening a crafted spreadsheet, allows an attacker to run arbitrary code in the context of the current user. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:R) confirms exploitation requires the victim to open a malicious file, and there is no public exploit identified at time of analysis. With a base score of 7.8 and full confidentiality, integrity, and availability impact, successful exploitation effectively gives the attacker the victim's privileges on the host.

Authentication Bypass Microsoft 365 Apps +6
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Information disclosure in Microsoft Office Excel allows remote unauthenticated attackers to read out-of-bounds memory over a network, potentially exposing sensitive data from process memory. The CVSS 8.2 score reflects high confidentiality impact with no authentication or user interaction required per the CVSS vector. No public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV.

Information Disclosure Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel stems from an integer underflow condition that can be triggered when a victim opens a malicious spreadsheet, leading to out-of-bounds memory access (CWE-125). The flaw requires user interaction but no prior authentication on the target, and no public exploit identified at time of analysis. With a CVSS of 7.8 (high) and the typical phishing-friendly delivery model of Office files, this fits the profile of a document-based client-side RCE primitive.

Information Disclosure Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 7.0
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Excel can be achieved by an unauthenticated attacker who tricks a user into opening a malicious spreadsheet that triggers an integer underflow condition. The flaw carries a CVSS 7.0 rating reflecting high attack complexity and required user interaction, and no public exploit identified at time of analysis. There is a notable mismatch between the description (integer underflow) and the assigned CWE-362 (race condition), which warrants verification with Microsoft's advisory.

Authentication Bypass Microsoft Race Condition +7
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Office Excel arises from an integer underflow condition that corrupts memory when a malicious spreadsheet is opened. The flaw requires user interaction (UI:R) to trigger but needs no prior authentication, enabling attackers to run arbitrary code in the security context of the victim user. At the time of analysis, no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Authentication Bypass Memory Corruption +7
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely Act Now

Local code execution in Microsoft Windows Win32K GRFX (graphics) subsystem allows an attacker with low-privilege local access to run arbitrary code by triggering an integer overflow, after coaxing a user into interacting with a crafted graphics object. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, though Win32K bugs historically attract rapid exploit development for privilege escalation in post-compromise chains.

Microsoft Integer Overflow Buffer Overflow +16
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Likely Act Now

Local code execution in the Windows Win32K GRFX (graphics) subsystem allows an unauthorized attacker with the ability to run code locally to escalate privileges through an integer overflow. The flaw was reported by Microsoft (MSRC) and carries a CVSS 7.8, but requires user interaction (UI:R) and local access (AV:L), and no public exploit identified at time of analysis.

Microsoft Integer Overflow Buffer Overflow +16
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel and Office products are vulnerable to local code execution through unsafe pointer dereferencing, requiring user interaction to trigger. An attacker with local access can exploit this flaw to achieve arbitrary code execution with full system privileges. No patch is currently available, leaving users of affected Office versions at risk.

Microsoft Authentication Bypass Office Online Server +4
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Arbitrary code execution in Microsoft Office Excel and related products (Office Online Server, 365 Apps) via out-of-bounds memory read allows local attackers to achieve complete system compromise without requiring user interaction or elevated privileges. This high-severity vulnerability affects multiple Microsoft Office components and currently lacks a security patch. An attacker with local access can exploit memory corruption to execute malicious code with full system permissions.

Microsoft Information Disclosure Buffer Overflow +5
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap buffer overflow in Microsoft Office Excel enables local code execution with high integrity and confidentiality impact affecting Office, Office Online Server, and 365 Apps. An attacker with user interaction can achieve arbitrary code execution in the context of the affected application. No patch is currently available for this vulnerability.

Microsoft Buffer Overflow Heap Overflow +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Microsoft Use After Free Denial Of Service +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information disclosure in Microsoft Office Excel and related products results from an out-of-bounds read vulnerability that requires local access and user interaction to exploit. An attacker can leverage this flaw to read sensitive data from memory on an affected system. No patch is currently available for this vulnerability affecting Office Long Term Servicing Channel, 365 Apps, and Office Online Server.

Microsoft Office Long Term Servicing Channel 365 Apps +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Privilege escalation in Microsoft Office Excel (including 365 Apps and Long Term Servicing Channel) via heap-based buffer overflow allows local attackers with user interaction to gain elevated system privileges. The vulnerability affects multiple Office product lines and currently lacks a security patch. With a CVSS score of 7.8, this poses a significant risk to organizations using affected Excel versions.

Microsoft Buffer Overflow Heap Overflow +5
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Information disclosure in Microsoft Excel allows local attackers with user interaction to read sensitive data through improper input validation in Office 365 Apps and Long Term Servicing Channel. An attacker must socially engineer a user into opening a specially crafted file to trigger the vulnerability. No patch is currently available for this medium-severity issue.

Microsoft Office 365 Apps +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Arbitrary code execution in Microsoft Office Excel results from an integer underflow vulnerability in the Long Term Servicing Channel and Online Server editions, exploitable by local attackers with user interaction. This HIGH severity flaw (CVSS 7.8) grants full system compromise capabilities including code execution, data theft, and service disruption with no available patch.

Microsoft Integer Overflow Office Long Term Servicing Channel +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. [CVSS 7.8 HIGH]

Microsoft Use After Free Excel +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Office Excel occurs through an out-of-bounds memory read vulnerability affecting the Long Term Servicing Channel, Office 365 Apps, and standalone Office installations. An attacker with local access and user interaction can exploit this flaw to achieve arbitrary code execution with full system privileges. No patch is currently available for this high-severity vulnerability.

Microsoft Office Long Term Servicing Channel 365 Apps +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Microsoft +6
NVD
EPSS 0% CVSS 7.1
HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +5
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow +5
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass 365 Apps +4
NVD
EPSS 1% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Microsoft +5
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +5
NVD
EPSS 0% CVSS 7.1
HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft 365 Apps +3
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +6
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +6
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +5
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft 365 Apps +3
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +5
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft 365 Apps +3
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Information Disclosure +5
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +6
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +5
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Authentication Bypass Microsoft +5
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Microsoft +5
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Microsoft Information Disclosure Buffer Overflow +5
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Use-after-free vulnerability in Microsoft Office Excel that allows local code execution with high severity (CVSS 7.8). An attacker with local access can trigger the vulnerability through user interaction (opening a malicious file) to execute arbitrary code with the privileges of the Excel process, potentially achieving full system compromise. No KEV status, active exploitation data, or public POC availability was confirmed in the provided dataset, but the high CVSS score and local attack vector indicate this requires prompt patching.

Use After Free Microsoft Windows +6
NVD Exploit-DB
EPSS 1% CVSS 8.4
HIGH This Week

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow 365 Apps +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Release of invalid pointer or reference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass 365 Apps +4
NVD
EPSS 1% CVSS 8.4
HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +6
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Memory Corruption Authentication Bypass +5
NVD
EPSS 1% CVSS 7.8
HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Heap Overflow +5
NVD
EPSS 1% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +6
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Memory Corruption Microsoft +6
NVD Exploit-DB
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Buffer Overflow Heap Overflow +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Microsoft +6
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Information Disclosure Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Microsoft Buffer Overflow +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps +4
NVD
EPSS 1% CVSS 8.4
HIGH PATCH This Month

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Microsoft Memory Corruption Use After Free +6
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apple Jwt Attack +2
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Microsoft RCE +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Heap Overflow Buffer Overflow RCE +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft 365 Apps +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure RCE +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft +5
NVD
EPSS 6% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Microsoft +6
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Microsoft +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Excel +7
NVD VulDB
EPSS 57% CVSS 7.8
HIGH POC PATCH THREAT This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free RCE Memory Corruption +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft 365 Apps +3
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft +5
NVD
EPSS 44% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft +5
NVD
EPSS 54% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure +6
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +6
NVD
EPSS 3% CVSS 7.8
HIGH POC PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Information Disclosure +7
NVD Exploit-DB
EPSS 1% CVSS 7.1
HIGH PATCH This Week

Microsoft Excel Spoofing Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Microsoft Authentication Bypass 365 Apps +3
NVD
EPSS 18% CVSS 8.8
HIGH Act Now

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 17.6% and no vendor patch available.

Microsoft RCE 365 Apps +5
NVD VulDB
EPSS 3% CVSS 5.5
MEDIUM This Month

Microsoft Excel Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass 365 Apps +3
NVD VulDB
EPSS 2% CVSS 7.8
HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps +5
NVD VulDB
EPSS 1% CVSS 7.3
HIGH This Week

Microsoft Excel Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass 365 Apps +3
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Excel +1
NVD
EPSS 4% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Excel +1
NVD
EPSS 3% CVSS 7.8
HIGH This Week

Windows Graphics Component Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Excel +15
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE 365 Apps +6
NVD VulDB
EPSS 9% CVSS 8.8
HIGH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft RCE Excel +6
NVD VulDB
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy