) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): microsoft word
- Search Type: Search All
- CPE Name Search: false
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2024-0590 |
The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Published: February 28, 2024; 8:43:22 PM -0500 |
V3.x:(not available) V2.0:(not available) |
| CVE-2024-21379 |
Microsoft Word Remote Code Execution Vulnerability Published: February 13, 2024; 1:15:55 PM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2024-20677 |
A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. As of February 13, 2024, the ability to insert FBX files has also been disabled in 3D Viewer. 3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time. This change is effective as of the January 9, 2024 security update. Published: January 09, 2024; 1:15:50 PM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2023-36009 |
Microsoft Word Information Disclosure Vulnerability Published: December 12, 2023; 1:15:21 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2023-36563 |
Microsoft WordPad Information Disclosure Vulnerability Published: October 10, 2023; 2:15:13 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
| CVE-2023-36762 |
Microsoft Word Remote Code Execution Vulnerability Published: September 12, 2023; 1:15:12 PM -0400 |
V3.1: 7.3 HIGH V2.0:(not available) |
| CVE-2023-36761 |
Microsoft Word Information Disclosure Vulnerability Published: September 12, 2023; 1:15:11 PM -0400 |
V3.1: 5.3 MEDIUM V2.0:(not available) |
| CVE-2023-29335 |
Microsoft Word Security Feature Bypass Vulnerability Published: May 09, 2023; 2:15:13 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
| CVE-2023-28311 |
Microsoft Word Remote Code Execution Vulnerability Published: April 11, 2023; 5:15:28 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2023-21716 |
Microsoft Word Remote Code Execution Vulnerability Published: February 14, 2023; 3:15:14 PM -0500 |
V3.1: 9.8 CRITICAL V2.0:(not available) |
| CVE-2022-41103 |
Microsoft Word Information Disclosure Vulnerability Published: November 09, 2022; 5:15:23 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2022-41061 |
Microsoft Word Remote Code Execution Vulnerability Published: November 09, 2022; 5:15:20 PM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2022-41060 |
Microsoft Word Information Disclosure Vulnerability Published: November 09, 2022; 5:15:20 PM -0500 |
V3.1: 5.5 MEDIUM V2.0:(not available) |
| CVE-2022-41031 |
Microsoft Word Remote Code Execution Vulnerability Published: October 11, 2022; 3:15:20 PM -0400 |
V3.1: 7.8 HIGH V2.0:(not available) |
| CVE-2022-2170 |
The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. Published: August 01, 2022; 9:15:10 AM -0400 |
V3.1: 4.8 MEDIUM V2.0:(not available) |
| CVE-2022-1539 |
The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks. Published: July 25, 2022; 9:15:08 AM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
| CVE-2022-24511 |
Microsoft Office Word Tampering Vulnerability Published: March 09, 2022; 12:15:15 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 1.9 LOW |
| CVE-2022-24462 |
Microsoft Word Security Feature Bypass Vulnerability Published: March 09, 2022; 12:15:14 PM -0500 |
V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2022-21842 |
Microsoft Word Remote Code Execution Vulnerability Published: January 11, 2022; 4:15:09 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2021-42296 |
Microsoft Word Remote Code Execution Vulnerability Published: November 09, 2021; 8:19:47 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.9 MEDIUM |