CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2026-40358 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-40358
12 May 2026 — Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40358 • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2026-40363 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-40363
12 May 2026 — Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40363 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.4EPSS: 0%CPEs: 3EXPL: 0CVE-2026-32190 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-32190
14 Apr 2026 — Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32190 • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2026-26110 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-26110
10 Mar 2026 — Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26110 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2026-26113 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-26113
10 Mar 2026 — Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113 • CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 12%CPEs: 2EXPL: 0CVE-2026-21509 – Microsoft Office Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2026-21509
26 Jan 2026 — Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally. Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. Some of the impacted product(s) could be end-of-life (EoL) and/or end-of-service (EoS). Users are advised to discontinue use and/or transition to a ... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509 • CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 7.0EPSS: 0%CPEs: 5EXPL: 0CVE-2026-20943 – Microsoft Office Click-To-Run Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2026-20943
13 Jan 2026 — Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20943 • CWE-426: Untrusted Search Path •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2025-62557 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-62557
09 Dec 2025 — Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62557 • CWE-416: Use After Free •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2025-62554 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-62554
09 Dec 2025 — Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62554 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-62199 – Microsoft Office Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-62199
11 Nov 2025 — Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62199 • CWE-416: Use After Free •