| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Trust Center Spoofing Vulnerability |
| Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally. |
| Microsoft Office Security Feature Bypass Vulnerability |
| Microsoft Office Graphics Remote Code Execution Vulnerability |
| Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability |
| Visual Basic for Applications Information Disclosure Vulnerability |
| Microsoft Office Security Feature Bypass Vulnerability |
| Sandbox escape in the Profile Backup component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. |
| A vulnerability was identified in h2oai h2o-3 up to 7402. Affected by this issue is the function importFiles of the file h2o-core/src/main/java/water/persist/PersistNFS.java of the component ImportFile API. Such manipulation leads to information disclosure. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. |
| Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
| Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. |
| Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to validate the Host header when constructing response URLs for custom slash commands which allows an authenticated attacker to redirect slash command responses to an attacker-controlled server via a spoofed Host header.. Mattermost Advisory ID: MMSA-2026-00582 |