Total
117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49699 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-07-15 | N/A | 7.0 HIGH |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-29805 | 1 Microsoft | 1 Outlook | 2025-07-10 | N/A | 7.5 HIGH |
| Exposure of sensitive information to an unauthorized actor in Outlook for Android allows an unauthorized attacker to disclose information over a network. | |||||
| CVE-2025-47171 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-09 | N/A | N/A |
| Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally. | |||||
| CVE-2025-21357 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-07-01 | N/A | 6.7 MEDIUM |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2019-1105 | 1 Microsoft | 1 Outlook | 2025-05-20 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists in the way Microsoft Outlook for Android software parses specifically crafted email messages. An authenticated attacker could exploit the vulnerability by sending a specially crafted email message to a victim. The attacker who successfully exploited this vulnerability could then perform cross-site scripting attacks on the affected systems and run scripts in the security context of the current user. The security update addresses the vulnerability by correcting how Outlook for Android parses specially crafted email messages. | |||||
| CVE-2015-1641 | 1 Microsoft | 6 Office, Office Compatibility Pack, Office Web Apps and 3 more | 2025-04-04 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2007-4040 | 1 Microsoft | 2 Outlook, Outlook Express | 2025-04-03 | 4.3 MEDIUM | N/A |
| Argument injection vulnerability involving Microsoft Outlook and Outlook Express, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted into the command line when invoking the handling process, a similar issue to CVE-2007-3670. | |||||
| CVE-2023-23397 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-03-13 | N/A | 9.8 CRITICAL |
| Microsoft Outlook Elevation of Privilege Vulnerability | |||||
| CVE-2021-31949 | 1 Microsoft | 3 365 Apps, Office, Outlook | 2025-02-28 | 6.8 MEDIUM | N/A |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2023-33131 | 1 Microsoft | 4 Office, Office Long Term Servicing Channel, Outlook and 1 more | 2025-02-28 | N/A | N/A |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2025-21259 | 1 Microsoft | 1 Outlook | 2025-02-28 | N/A | 5.3 MEDIUM |
| Microsoft Outlook Spoofing Vulnerability | |||||
| CVE-2023-35311 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-02-24 | N/A | 8.8 HIGH |
| Microsoft Outlook Security Feature Bypass Vulnerability | |||||
| CVE-2017-11774 | 1 Microsoft | 1 Outlook | 2025-02-11 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook 2016 allow an attacker to execute arbitrary commands, due to how Microsoft Office handles objects in memory, aka "Microsoft Outlook Security Feature Bypass Vulnerability." | |||||
| CVE-2025-21361 | 1 Microsoft | 2 Office, Outlook | 2025-01-17 | N/A | 7.8 HIGH |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2024-26204 | 1 Microsoft | 1 Outlook | 2025-01-15 | N/A | N/A |
| Outlook for Android Information Disclosure Vulnerability | |||||
| CVE-2024-20670 | 1 Microsoft | 2 Outlook, Windows | 2025-01-08 | N/A | N/A |
| Outlook for Windows Spoofing Vulnerability | |||||
| CVE-2022-24480 | 1 Microsoft | 1 Outlook | 2025-01-02 | N/A | N/A |
| Outlook for Android Elevation of Privilege Vulnerability | |||||
| CVE-2024-43604 | 1 Microsoft | 1 Outlook | 2024-10-17 | N/A | 8.0 HIGH |
| Outlook for Android Elevation of Privilege Vulnerability | |||||
| CVE-2024-43482 | 1 Microsoft | 1 Outlook | 2024-09-18 | N/A | 6.5 MEDIUM |
| Microsoft Outlook for iOS Information Disclosure Vulnerability | |||||
| CVE-2024-38173 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-08-16 | N/A | 6.7 MEDIUM |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||