Filtered by vendor Microsoft
Subscriptions
Filtered by product 365
Subscriptions
Total
61 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53774 | 1 Microsoft | 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more | 2026-02-26 | 6.5 Medium |
| Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | ||||
| CVE-2025-53787 | 1 Microsoft | 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more | 2026-02-26 | 8.2 High |
| Microsoft 365 Copilot BizChat Information Disclosure Vulnerability | ||||
| CVE-2025-53741 | 1 Microsoft | 16 365, 365 Apps, Excel and 13 more | 2026-02-26 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53759 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2026-02-26 | 7.8 High |
| Use of uninitialized resource in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53731 | 1 Microsoft | 12 365, 365 Apps, Office and 9 more | 2026-02-26 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53735 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53737 | 1 Microsoft | 14 365, 365 Apps, Excel and 11 more | 2026-02-26 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-53739 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54896 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54898 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54899 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Free of memory not on the heap in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54902 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54904 | 1 Microsoft | 15 365, 365 Apps, Excel and 12 more | 2026-02-26 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-54900 | 1 Microsoft | 13 365, 365 Apps, Excel and 10 more | 2026-02-26 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-4234 | 3 Microsoft, Palo Alto, Paloaltonetworks | 5 365, Networks, Cortex Xdr and 2 more | 2026-02-26 | N/A |
| A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these credentials are exposed to recipients of the application logs. | ||||
| CVE-2025-59252 | 1 Microsoft | 3 365, 365 Copilot, 365 Word Copilot | 2026-02-26 | 9.3 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-59272 | 1 Microsoft | 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more | 2026-02-26 | 9.3 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform information disclosure locally. | ||||
| CVE-2025-59286 | 1 Microsoft | 4 365, 365 Copilot, 365 Copilot Business Chat and 1 more | 2026-02-26 | 9.3 Critical |
| Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-59231 | 1 Microsoft | 12 365, 365 Apps, Excel and 9 more | 2026-02-26 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-59233 | 1 Microsoft | 12 365, 365 Apps, Excel and 9 more | 2026-02-26 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||