Office

office

Vendor: Microsoft • 1,032 CVEs

CVEs (1,032)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-42832 1Microsoft 4Excel OfficeOffice Long Term Servicing Channel+1 more May 19, 2026 May 12, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally.
CVE-2026-42831 1Microsoft 2Office Office Long Term Servicing Channel May 19, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40421 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more Jun 1, 2026 May 12, 2026 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-40420 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Jun 1, 2026 May 12, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40419 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel May 19, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40418 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Jun 1, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-40367 1Microsoft 5365 Apps OfficeOffice Long Term Servicing Channel+2 more Jun 1, 2026 May 12, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40366 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more Jun 1, 2026 May 12, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40364 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more May 19, 2026 May 12, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2026-40363 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel May 19, 2026 May 12, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40362 1Microsoft 5365 Apps ExcelOffice+2 more Jun 1, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40361 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more Jun 3, 2026 May 12, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40360 1Microsoft 5365 Apps ExcelOffice+2 more May 19, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2026-40359 1Microsoft 5365 Apps ExcelOffice+2 more May 19, 2026 May 12, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-40358 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Jun 1, 2026 May 12, 2026 N/A· v4 8.4 HIGH· v3 N/A· v2 Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-35440 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more May 19, 2026 May 12, 2026 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2026-35436 1Microsoft 3365 Apps OfficeOffice Long Term Servicing Channel Jun 1, 2026 May 12, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2026-32200 1Microsoft 4365 Apps OfficeOffice Long Term Servicing Channel+1 more Apr 28, 2026 Apr 14, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2026-32199 1Microsoft 5365 Apps ExcelOffice+2 more Apr 28, 2026 Apr 14, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2026-32198 1Microsoft 5365 Apps ExcelOffice+2 more Apr 28, 2026 Apr 14, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

12 3 4 5...52 Next