365 Apps Microsoft 365 Apps

  1. Vendors
  2. Microsoft
  3. 365 Apps

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft 365 Apps.

By the Year

In 2026 there have been 10 vulnerabilities in Microsoft 365 Apps with an average score of 8.0 out of ten. Last year, in 2025 365 Apps had 152 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in 365 Apps in 2026 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.26.




Year Vulnerabilities Average Score
2026 10 7.98
2025 152 7.72
2024 42 7.69
2023 55 7.36
2022 46 7.26
2021 64 7.45
2020 50 7.30

It may take a day or so for new 365 Apps vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft 365 Apps Security Vulnerabilities

Jan 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-20957 7.8 - High - January 13, 2026

Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Integer underflow

Jan 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-20950 7.8 - High - January 13, 2026

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Jan 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-20952 8.4 - High - January 13, 2026

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jan 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-20948 7.8 - High - January 13, 2026

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Jan 2026: Microsoft Excel Security Feature Bypass Vulnerability
CVE-2026-20949 7.8 - High - January 13, 2026

Improper access control in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.

Authorization

Jan 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-20956 7.8 - High - January 13, 2026

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Jan 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-20953 8.4 - High - January 13, 2026

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Jan 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-20955 7.8 - High - January 13, 2026

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Jan 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-20944 8.4 - High - January 13, 2026

Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Jan 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-20946 7.8 - High - January 13, 2026

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Dec 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-62560 7.8 - High - December 09, 2025

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Dec 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-62559 7.8 - High - December 09, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Dec 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-62558 7.8 - High - December 09, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Dec 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62557 8.4 - High - December 09, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Dec 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-62556 7.8 - High - December 09, 2025

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Dec 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-62555 7 - High - December 09, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Dec 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62554 8.4 - High - December 09, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

Object Type Confusion

Dec 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-62553 7.8 - High - December 09, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Dec 2025: Microsoft Access Remote Code Execution Vulnerability
CVE-2025-62552 7.8 - High - December 09, 2025

Relative path traversal in Microsoft Office Access allows an unauthorized attacker to execute code locally.

Relative Path Traversal

Dec 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-62563 7.8 - High - December 09, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Dec 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-62564 7.8 - High - December 09, 2025

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Dec 2025: Microsoft Outlook Remote Code Execution Vulnerability
CVE-2025-62562 7.8 - High - December 09, 2025

Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.

Dangling pointer

Dec 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-62561 7.8 - High - December 09, 2025

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Nov 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62205 7.8 - High - November 11, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Nov 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-62203 7.8 - High - November 11, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Nov 2025: Microsoft Excel Information Disclosure Vulnerability
CVE-2025-62202 7.1 - High - November 11, 2025

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Out-of-bounds Read

Nov 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-62200 7.8 - High - November 11, 2025

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Untrusted Pointer Dereference

Nov 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-62201 7.8 - High - November 11, 2025

Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Nov 2025: Microsoft Excel Information Disclosure Vulnerability
CVE-2025-59240 5.5 - Medium - November 11, 2025

Exposure of sensitive information to an unauthorized actor in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Information Disclosure

Nov 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62216 7.8 - High - November 11, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Nov 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-62199 7.8 - High - November 11, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Nov 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-60727 7.8 - High - November 11, 2025

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Out-of-bounds Read

Nov 2025: Microsoft Excel Information Disclosure Vulnerability
CVE-2025-60728 4.3 - Medium - November 11, 2025

Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.

Untrusted Pointer Dereference

Nov 2025: Microsoft Excel Information Disclosure Vulnerability
CVE-2025-60726 7.1 - High - November 11, 2025

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Out-of-bounds Read

Oct 2025: Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2025-59238 7.8 - High - October 14, 2025

Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.

Dangling pointer

Oct 2025: Microsoft Excel Information Disclosure Vulnerability
CVE-2025-59232 7.1 - High - October 14, 2025

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Out-of-bounds Read

Oct 2025: Microsoft Office Denial of Service Vulnerability
CVE-2025-59229 5.5 - Medium - October 14, 2025

Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally.

Uncaught Exception

Oct 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-59227 7.8 - High - October 14, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Oct 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-59225 7.8 - High - October 14, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Oct 2025: Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2025-59226 7.8 - High - October 14, 2025

Use after free in Microsoft Office Visio allows an unauthorized attacker to execute code locally.

Dangling pointer

Oct 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-59224 7.8 - High - October 14, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Oct 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-59222 7.8 - High - October 14, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Oct 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-59223 7.8 - High - October 14, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Oct 2025: Microsoft Word Remote Code Execution Vulnerability
CVE-2025-59221 7 - High - October 14, 2025

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Dangling pointer

Oct 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-59243 7.8 - High - October 14, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Oct 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-59236 8.4 - High - October 14, 2025

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Dangling pointer

Oct 2025: Microsoft Office Remote Code Execution Vulnerability
CVE-2025-59234 7.8 - High - October 14, 2025

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Dangling pointer

Oct 2025: Microsoft Excel Information Disclosure Vulnerability
CVE-2025-59235 7.1 - High - October 14, 2025

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

Out-of-bounds Read

Oct 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-59231 7.8 - High - October 14, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Object Type Confusion

Oct 2025: Microsoft Excel Remote Code Execution Vulnerability
CVE-2025-59233 7.8 - High - October 14, 2025

Access of resource using incompatible type ('type confusion') in Microsoft Office Excel allows an unauthorized attacker to execute code locally.

Object Type Confusion

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft 365 Apps or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft 365 Apps
Product

subscribe