Show filters
183 Total Results
Displaying 1-10 of 183
Sort by:
Attacker Value
Very High
CVE-2023-23397
Disclosure Date: March 14, 2023 (last updated August 15, 2024)
Microsoft Outlook Elevation of Privilege Vulnerability
16
Attacker Value
Unknown
CVE-2024-30103
Disclosure Date: June 11, 2024 (last updated January 12, 2025)
Microsoft Outlook Remote Code Execution Vulnerability
3
Attacker Value
High
CVE-2023-33131
Disclosure Date: June 14, 2023 (last updated January 11, 2025)
Microsoft Outlook Remote Code Execution Vulnerability
2
Attacker Value
Very High
CVE-2015-1641
Disclosure Date: April 14, 2015 (last updated July 25, 2024)
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability."
1
Attacker Value
Unknown
CVE-2023-35311
Disclosure Date: July 11, 2023 (last updated February 05, 2025)
Microsoft Outlook Security Feature Bypass Vulnerability
1
Attacker Value
Unknown
CVE-2020-16947
Disclosure Date: October 16, 2020 (last updated February 22, 2025)
<p>A remote code execution vulnerability exists in Microsoft Outlook software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the targeted user. If the targeted user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.</p>
<p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Outlook software. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack scenario, a…
1
Attacker Value
Unknown
CVE-2025-0916
Disclosure Date: February 19, 2025 (last updated February 20, 2025)
The YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions 2.4.9 to 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: The vulnerability has been initially patched in version 2.4.8 and was reintroduced in version 2.4.9 with the removal of the wp_kses_post() built-in WordPress sanitization function.
0
Attacker Value
Unknown
CVE-2025-21259
Disclosure Date: February 11, 2025 (last updated February 12, 2025)
Microsoft Outlook Spoofing Vulnerability
0
Attacker Value
Unknown
CVE-2025-21361
Disclosure Date: January 14, 2025 (last updated January 18, 2025)
Microsoft Outlook Remote Code Execution Vulnerability
0
Attacker Value
Unknown
CVE-2025-21357
Disclosure Date: January 14, 2025 (last updated January 22, 2025)
Microsoft Outlook Remote Code Execution Vulnerability
0
