365 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (422 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62459	1 Microsoft	1 365 Defender Portal	2025-11-26	8.3 High
Microsoft Defender Portal Spoofing Vulnerability
CVE-2025-62211	1 Microsoft	2 365, Dynamics 365	2025-11-26	8.7 High
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
CVE-2025-62205	1 Microsoft	7 365, 365 Apps, Office 2021 and 4 more	2025-11-26	7.8 High
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-62203	1 Microsoft	13 365, 365 Apps, Excel and 10 more	2025-11-26	7.8 High
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62202	1 Microsoft	13 365, 365 Apps, Excel and 10 more	2025-11-26	7.1 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-62201	1 Microsoft	14 365, 365 Apps, Excel and 11 more	2025-11-26	7.8 High
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-62200	1 Microsoft	10 365, 365 Apps, Excel and 7 more	2025-11-26	7.8 High
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-59240	1 Microsoft	9 365, 365 Apps, Excel and 6 more	2025-11-26	5.5 Medium
Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-62216	1 Microsoft	5 365, 365 Apps, Office 2021 and 2 more	2025-11-26	7.8 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62210	1 Microsoft	2 365, Dynamics 365	2025-11-26	8.7 High
Improper neutralization of input during web page generation ('cross-site scripting') in Dynamics 365 Field Service (online) allows an authorized attacker to perform spoofing over a network.
CVE-2025-62206	1 Microsoft	2 365, Dynamics 365	2025-11-26	6.5 Medium
Exposure of sensitive information to an unauthorized actor in Microsoft Dynamics 365 (on-premises) allows an unauthorized attacker to disclose information over a network.
CVE-2025-62199	1 Microsoft	11 365, 365 Apps, Excel and 8 more	2025-11-26	7.8 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-60728	1 Microsoft	8 365, 365 Apps, Office and 5 more	2025-11-26	4.3 Medium
Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
CVE-2025-60727	1 Microsoft	13 365, 365 Apps, Excel and 10 more	2025-11-26	7.8 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
CVE-2025-60726	1 Microsoft	13 365, 365 Apps, Excel and 10 more	2025-11-26	7.1 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2025-59286	1 Microsoft	4 365, 365 Copilot, 365 Copilot Business Chat and 1 more	2025-11-22	9.3 Critical
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59272	1 Microsoft	4 365, 365 Copilot, 365 Copilot Business Chat and 1 more	2025-11-22	9.3 Critical
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59252	1 Microsoft	3 365, 365 Copilot, 365 Word Copilot	2025-11-22	9.3 Critical
Improper neutralization of special elements used in a command ('command injection') in Copilot allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59238	1 Microsoft	10 365, 365 Apps, Office and 7 more	2025-11-22	7.8 High
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
CVE-2025-59232	1 Microsoft	19 365, 365 Apps, Access and 16 more	2025-11-22	7.1 High
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Page 1 of 22. next last »