365 Apps

365_apps

Vendor: Microsoft • 472 CVEs

CVEs (472)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-40421 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more Jun 1, 2026 May 12, 2026 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-40420 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Jun 1, 2026 May 12, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40419 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel May 19, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40418 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Jun 1, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40367 1Microsoft 5365 Apps OfficeOffice Long Term Servicing Channel+2 more Jun 1, 2026 May 12, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40366 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more Jun 1, 2026 May 12, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40364 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more May 19, 2026 May 12, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40363 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel May 19, 2026 May 12, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40362 1Microsoft 5365 Apps ExcelOffice+2 more Jun 1, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40361 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more Jun 3, 2026 May 12, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40360 1Microsoft 5365 Apps ExcelOffice+2 more May 19, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-40359 1Microsoft 5365 Apps ExcelOffice+2 more May 19, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40358 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Jun 1, 2026 May 12, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-35440 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more May 19, 2026 May 12, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-35436 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Jun 1, 2026 May 12, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-33822 1Microsoft 2365 Apps Office Long Term Servicing Channel Apr 29, 2026 Apr 14, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-33115 1Microsoft 2365 Apps Office Long Term Servicing Channel Apr 29, 2026 Apr 14, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33114 1Microsoft 2365 Apps Office Long Term Servicing Channel Apr 29, 2026 Apr 14, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-33095 1Microsoft 2365 Apps Office Long Term Servicing Channel Apr 29, 2026 Apr 14, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-32200 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more Apr 28, 2026 Apr 14, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

12 3 4 5...24 Next