Microsoft Office 365
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Office 365.
By the Year
In 2026 there have been 26 vulnerabilities in Microsoft Office 365 with an average score of 7.0 out of ten. Office 365 did not have any published security vulnerabilities last year. That is, 26 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 26 | 7.02 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 4 | 7.80 |
| 2018 | 1 | 7.80 |
It may take a day or so for new Office 365 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Office 365 Security Vulnerabilities
Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45463
8.4 - High
- June 09, 2026
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Integer underflow
Jun 2026: Microsoft Excel Security Feature Bypass Vulnerability
CVE-2026-45459
3.3 - Low
- June 09, 2026
Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally.
Protection Mechanism Failure
Jun 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-45457
7.8 - High
- June 09, 2026
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Jun 2026: Microsoft Excel Information Disclosure Vulnerability
CVE-2026-45455
3.3 - Low
- June 09, 2026
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Jun 2026: Microsoft Excel Information Disclosure Vulnerability
CVE-2026-44822
8.2 - High
- June 09, 2026
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45645
7.8 - High
- June 09, 2026
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Untrusted Pointer Dereference
Jun 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-45643
7.8 - High
- June 09, 2026
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Untrusted Pointer Dereference
Jun 2026: Microsoft Word Information Disclosure Vulnerability
CVE-2026-45466
3.3 - Low
- June 09, 2026
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
Heap-based Buffer Overflow
Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45461
8.4 - High
- June 09, 2026
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Jun 2026: Microsoft Office Information Disclosure Vulnerability
CVE-2026-45460
4.7 - Medium
- June 09, 2026
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Buffer Over-read
Jun 2026: Microsoft Outlook and Word Remote Code Execution Vulnerability
CVE-2026-45458
8.4 - High
- June 09, 2026
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Jun 2026: Microsoft Outlook and Word Remote Code Execution Vulnerability
CVE-2026-45456
8.4 - High
- June 09, 2026
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Object Type Confusion
Jun 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-44823
7.8 - High
- June 09, 2026
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Numeric Truncation Error
Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-44824
7.8 - High
- June 09, 2026
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jun 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-44820
7.8 - High
- June 09, 2026
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Jun 2026: Microsoft Office Information Disclosure Vulnerability
CVE-2026-44821
5.5 - Medium
- June 09, 2026
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Out-of-bounds Read
Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-44819
7.8 - High
- June 09, 2026
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jun 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-44818
7 - High
- June 09, 2026
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Race Condition
Jun 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-44817
7.8 - High
- June 09, 2026
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Object Type Confusion
Jun 2026: Microsoft Office Information Disclosure Vulnerability
CVE-2026-45485
3.3 - Low
- June 09, 2026
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
Out-of-bounds Read
Jun 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-45486
7.8 - High
- June 09, 2026
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Jun 2026: Microsoft Word Remote Code Execution Vulnerability
CVE-2026-45471
7.8 - High
- June 09, 2026
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Untrusted Pointer Dereference
Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45474
8.4 - High
- June 09, 2026
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45472
8.4 - High
- June 09, 2026
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Jun 2026: Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45475
7.8 - High
- June 09, 2026
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jun 2026: Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-45469
7.8 - High
- June 09, 2026
Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
Integer underflow
Nov 2019:
CVE-2019-1446
- November 12, 2019
An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.
Nov 2019:
CVE-2019-1402
- November 12, 2019
An information disclosure vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Information Disclosure Vulnerability'.
Jul 2019:
CVE-2019-1109
- July 15, 2019
A spoofing vulnerability exists when Microsoft Office Javascript does not check the validity of the web page making a request to Office documents.An attacker who successfully exploited this vulnerability could read or write information in Office documents.The security update addresses the vulnerability by correcting the way that Microsoft Office Javascript verifies trusted web pages., aka 'Microsoft Office Spoofing Vulnerability'.
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory
CVE-2019-0945
7.8 - High
- May 16, 2019
A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0946, CVE-2019-0947.
Data Processing Errors
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory
CVE-2018-8597
7.8 - High
- December 12, 2018
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8636.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Office 365 or by Microsoft? Click the Watch button to subscribe.
