Skip to main content

Office

119 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-29791 HIGH CERT-EU This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Memory Corruption Microsoft 365 Apps Office +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27752 HIGH CERT-EU This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Microsoft 365 Apps Office +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27751 HIGH POC This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Memory Corruption Microsoft 365 Apps +4
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.2%
CVE-2025-27750 HIGH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-27749 HIGH CERT-EU This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27748 HIGH CERT-EU This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27747 HIGH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft 365 Apps Office Office Long Term Servicing Channel +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27746 HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27745 HIGH CERT-EU This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27744 HIGH This Week

Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Office
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2025-26687 HIGH This Week

Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Windows Denial Of Service Use After Free Memory Corruption Microsoft +16
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-26642 HIGH This Week

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft 365 Apps Excel +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-21394 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Use After Free Memory Corruption Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21392 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Use After Free Memory Corruption Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21390 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Heap Overflow Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21387 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Use After Free Memory Corruption Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-21386 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Use After Free Memory Corruption Microsoft 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21383 HIGH PATCH This Week

Microsoft Excel Information Disclosure Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft 365 Apps Excel +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-21381 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Excel Office +2
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-21395 HIGH PATCH CERT-EU This Month

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Heap Overflow Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2025-21366 HIGH PATCH CERT-EU This Month

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Use After Free Memory Corruption Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2025-21362 HIGH PATCH CERT-EU This Month

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Use After Free Memory Corruption Microsoft 365 Apps +4
NVD
CVSS 3.1
8.4
EPSS
0.6%
CVE-2025-21357 MEDIUM PATCH This Month

Microsoft Outlook Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.7). This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft Outlook 365 Apps Office +1
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2025-21356 HIGH PATCH This Month

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Heap Overflow Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2025-21354 HIGH PATCH CERT-EU This Month

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
8.4
EPSS
1.5%
CVE-2025-21346 HIGH PATCH This Month

Microsoft Office Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-21345 HIGH PATCH This Month

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Use After Free Memory Corruption Microsoft 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-21186 HIGH PATCH CERT-EU This Month

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Heap Overflow Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2024-20677 HIGH PATCH This Month

A security vulnerability exists in FBX that could lead to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Windows RCE Buffer Overflow Heap Overflow Microsoft +3
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2025-29791
EPSS 1% CVSS 7.8
HIGH This Week

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Memory Corruption Microsoft +3
NVD
CVE-2025-27752
EPSS 1% CVSS 7.8
HIGH This Month

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Microsoft +3
NVD
CVE-2025-27751
EPSS 1% CVSS 7.8
HIGH POC This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Memory Corruption +6
NVD Exploit-DB
CVE-2025-27750
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption +5
NVD
CVE-2025-27749
EPSS 1% CVSS 7.8
HIGH This Month

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption +4
NVD
CVE-2025-27748
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption +4
NVD
CVE-2025-27747
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft 365 Apps +5
NVD
CVE-2025-27746
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption +6
NVD
CVE-2025-27745
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Memory Corruption +4
NVD
CVE-2025-27744
EPSS 1% CVSS 7.8
HIGH This Week

Improper access control in Microsoft Office allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Office
NVD
CVE-2025-26687
EPSS 0% CVSS 7.5
HIGH This Week

Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Windows Denial Of Service Use After Free +18
NVD VulDB
CVE-2025-26642
EPSS 1% CVSS 7.8
HIGH This Week

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft +7
NVD
CVE-2025-21394
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Use After Free Memory Corruption +6
NVD
CVE-2025-21392
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Use After Free Memory Corruption +4
NVD
CVE-2025-21390
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Heap Overflow +6
NVD
CVE-2025-21387
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Use After Free Memory Corruption +6
NVD
CVE-2025-21386
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Use After Free Memory Corruption +6
NVD
CVE-2025-21383
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Information Disclosure Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft +4
NVD
CVE-2025-21381
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +4
NVD
CVE-2025-21395
EPSS 2% CVSS 7.8
HIGH PATCH This Month

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Heap Overflow +5
NVD
CVE-2025-21366
EPSS 2% CVSS 7.8
HIGH PATCH This Month

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Use After Free Memory Corruption +5
NVD
CVE-2025-21362
EPSS 1% CVSS 8.4
HIGH PATCH This Month

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Use After Free Memory Corruption +6
NVD
CVE-2025-21357
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Microsoft Outlook Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.7). This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft Outlook +3
NVD
CVE-2025-21356
EPSS 1% CVSS 7.8
HIGH PATCH This Month

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Heap Overflow +4
NVD
CVE-2025-21354
EPSS 2% CVSS 8.4
HIGH PATCH This Month

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +3
NVD
CVE-2025-21346
EPSS 0% CVSS 7.1
HIGH PATCH This Month

Microsoft Office Security Feature Bypass Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft 365 Apps +2
NVD
CVE-2025-21345
EPSS 1% CVSS 7.8
HIGH PATCH This Month

Microsoft Office Visio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

RCE Use After Free Memory Corruption +4
NVD
CVE-2025-21186
EPSS 1% CVSS 7.8
HIGH PATCH This Month

Microsoft Access Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Heap Overflow +5
NVD
CVE-2024-20677
EPSS 0% CVSS 7.8
HIGH PATCH This Month

A security vulnerability exists in FBX that could lead to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Windows RCE Buffer Overflow +5
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy