Export limit exceeded: 352335 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1301 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0008 | 1 Microsoft | 3 Office, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box. | ||||
| CVE-1999-0384 | 1 Microsoft | 6 Office, Outlook, Project and 3 more | 2026-04-16 | N/A |
| The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content. | ||||
| CVE-2002-0860 | 1 Microsoft | 2 Office Web Components, Project | 2026-04-16 | N/A |
| The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file. | ||||
| CVE-2002-0021 | 1 Microsoft | 1 Office | 2026-04-16 | N/A |
| Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement. | ||||
| CVE-2006-0007 | 1 Microsoft | 1 Office | 2026-04-16 | N/A |
| Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed. | ||||
| CVE-2000-0088 | 1 Microsoft | 4 Office, Office Converter Pack, Powerpoint and 1 more | 2026-04-16 | N/A |
| Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability. | ||||
| CVE-2004-0573 | 1 Microsoft | 5 Frontpage, Office, Publisher and 2 more | 2026-04-16 | N/A |
| Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website. | ||||
| CVE-2026-21259 | 1 Microsoft | 9 365 Apps, Excel, Excel 2016 and 6 more | 2026-04-15 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-21258 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-04-15 | 5.5 Medium |
| Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-21260 | 1 Microsoft | 11 365 Apps, Office, Office 2019 and 8 more | 2026-04-15 | 7.5 High |
| Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-21514 | 1 Microsoft | 6 365 Apps, Office 2021, Office 2024 and 3 more | 2026-04-15 | 7.8 High |
| Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-21511 | 1 Microsoft | 13 365 Apps, Office, Office 2019 and 10 more | 2026-04-15 | 7.5 High |
| Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-21261 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-04-15 | 5.5 Medium |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-20846 | 1 Microsoft | 31 Office, Windows 10 1607, Windows 10 1809 and 28 more | 2026-04-15 | 7.5 High |
| Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-26110 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-04-14 | 8.4 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26109 | 1 Microsoft | 13 365 Apps, Excel, Excel 2016 and 10 more | 2026-04-14 | 8.4 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26108 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-04-14 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26107 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-04-14 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26138 | 1 Microsoft | 2 Office Purview, Purview | 2026-04-14 | 8.6 High |
| Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26139 | 1 Microsoft | 2 Office Purview, Purview | 2026-04-14 | 8.6 High |
| Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. | ||||