Onenote Microsoft Onenote

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Onenote.

Recent Microsoft Onenote Security Advisories

Advisory Title Published
CVE-2025-29822 CVE-2025-29822 Microsoft OneNote Security Feature Bypass Vulnerability April 8, 2025
CVE-2025-21402 CVE-2025-21402 Microsoft Office OneNote Remote Code Execution Vulnerability January 14, 2025
CVE-2024-21384 Microsoft Office OneNote Remote Code Execution Vulnerability February 13, 2024
CVE-2023-36769 Microsoft OneNote Spoofing Vulnerability August 15, 2023
CVE-2023-33140 Microsoft OneNote Spoofing Vulnerability June 13, 2023
CVE-2023-21721 Microsoft OneNote Spoofing Vulnerability February 14, 2023
CVE-2022-44691 Microsoft Office OneNote Remote Code Execution Vulnerability December 13, 2022

By the Year

In 2025 there have been 1 vulnerability in Microsoft Onenote with an average score of 7.8 out of ten. Last year, in 2024 Onenote had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Onenote in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.70.




Year Vulnerabilities Average Score
2025 1 7.80
2024 1 7.10
2023 3 6.13
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Onenote vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Onenote Security Vulnerabilities

Microsoft Office OneNote Remote Code Execution Vulnerability

CVE-2025-21402 7.8 - High - January 14, 2025

Microsoft Office OneNote Remote Code Execution Vulnerability

Improper Restriction of Names for Files and Other Resources

Microsoft OneNote Library Injection Vulnerability on macOS

CVE-2024-41159 7.1 - High - December 18, 2024

A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Improper Verification of Cryptographic Signature

Microsoft OneNote Spoofing Vulnerability

CVE-2023-36769 5.4 - Medium - November 06, 2023

Microsoft OneNote Spoofing Vulnerability

Microsoft OneNote Spoofing Vulnerability

CVE-2023-33140 6.5 - Medium - June 14, 2023

Microsoft OneNote Spoofing Vulnerability

Microsoft OneNote Elevation of Privilege Vulnerability

CVE-2023-21721 6.5 - Medium - February 14, 2023

Microsoft OneNote Elevation of Privilege Vulnerability

Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file

CVE-2014-2815 8.8 - High - August 12, 2014

Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an executable file in a startup folder, aka "OneNote Remote Code Execution Vulnerability."

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Onenote or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe