Microsoft Microsoft 365 Apps For Enterprise
462 CVEs affecting Microsoft Microsoft 365 Apps For Enterprise. Latest disclosed: 2026-05-12. Critical: 4, High: 387.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-21413 | Critical | 9.8 | 2024-02-13 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2023-23397 | Critical | 9.8 | 2023-03-14 | Microsoft Outlook Elevation of Privilege Vulnerability |
CVE-2023-21716 | Critical | 9.8 | 2023-02-14 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2023-33150 | Critical | 9.6 | 2023-07-11 | Microsoft Office Security Feature Bypass Vulnerability |
CVE-2026-40420 | High | 8.8 | 2026-05-12 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. |
CVE-2026-35436 | High | 8.8 | 2026-05-12 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. |
CVE-2024-38189 | High | 8.8 | 2024-08-13 | Microsoft Project Remote Code Execution Vulnerability |
CVE-2024-38021 | High | 8.8 | 2024-07-09 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2024-30103 | High | 8.8 | 2024-06-11 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2024-21378 | High | 8.8 | 2024-02-13 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2023-35311 | High | 8.8 | 2023-07-11 | Microsoft Outlook Security Feature Bypass Vulnerability |
CVE-2023-33131 | High | 8.8 | 2023-06-13 | Microsoft Outlook Remote Code Execution Vulnerability |
CVE-2022-41106 | High | 8.8 | 2022-11-09 | Microsoft Excel Remote Code Execution Vulnerability |
CVE-2022-34717 | High | 8.8 | 2022-08-09 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2022-21840 | High | 8.8 | 2022-01-11 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2021-28455 | High | 8.8 | 2021-05-11 | Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability |
CVE-2020-1583 | High | 8.8 | 2020-08-17 | An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability… |
CVE-2026-40367 | High | 8.4 | 2026-05-12 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
CVE-2026-40366 | High | 8.4 | 2026-05-12 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
CVE-2026-40364 | High | 8.4 | 2026-05-12 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |