cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-38189,https://securityvulnerability.io/vulnerability/CVE-2024-38189,Remote Code Execution Vulnerability Affects Microsoft Project,"A vulnerability exists in Microsoft Project that allows for remote code execution under specific conditions. This vulnerability could be exploited when a user opens a specially crafted file designed to compromise the application, leading to unauthorized operations on the user's system. Attackers could potentially gain access to sensitive data or control over affected systems. To protect against this vulnerability, it is essential to apply the latest security updates from Microsoft and to follow best practices for file handling and security.",Microsoft,"Microsoft Office 2019,Microsoft 365 Apps For Enterprise,Microsoft Project 2016,Microsoft Office Ltsc 2021",8.8,HIGH,0.006209999788552523,true,false,false,true,,false,false,2024-08-13T17:30:31.741Z,0
CVE-2020-1449,https://securityvulnerability.io/vulnerability/CVE-2020-1449,,"A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'.",Microsoft,"Microsoft Office,Microsoft 365 Apps For Enterprise For 32-bit Systems,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft Project",7.8,HIGH,0.020490000024437904,false,false,false,false,,false,false,2020-07-14T23:15:00.000Z,0
CVE-2020-1322,https://securityvulnerability.io/vulnerability/CVE-2020-1322,,"An information disclosure vulnerability exists when Microsoft Project reads out of bound memory due to an uninitialized variable, aka 'Microsoft Project Information Disclosure Vulnerability'.",Microsoft,"Microsoft Project,Microsoft Office,Microsoft 365 Apps For Enterprise For 64-bit Systems,Microsoft 365 Apps For Enterprise For 32-bit Systems",6.5,MEDIUM,0.011629999615252018,false,false,false,false,,false,false,2020-06-09T19:44:08.000Z,0
CVE-2020-0954,https://securityvulnerability.io/vulnerability/CVE-2020-0954,,"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925, CVE-2020-0926, CVE-2020-0927, CVE-2020-0930, CVE-2020-0933, CVE-2020-0973, CVE-2020-0978.",Microsoft,"Microsoft Sharepoint Enterprise Server,Microsoft Sharepoint Server,Microsoft Project Server",5.4,MEDIUM,0.0006799999973736703,false,false,false,false,,false,false,2020-04-15T15:13:01.000Z,0
CVE-2020-0760,https://securityvulnerability.io/vulnerability/CVE-2020-0760,,"A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991.",Microsoft,"Microsoft Project,Microsoft Office,Office 365 Proplus,Microsoft Excel,Microsoft Powerpoint,Microsoft Visio,Microsoft Word,Microsoft Publisher 2016 (32-bit Edition),Microsoft Publisher 2016 (64-bit Edition),Microsoft Access,Microsoft Outlook,Microsoft Publisher 2013 Service Pack 1 (32-bit Editions),Microsoft Publisher 2013 Service Pack 1 (64-bit Editions),Microsoft Publisher",8.8,HIGH,0.06233999878168106,false,false,false,false,,false,false,2020-04-15T15:12:40.000Z,0
CVE-2019-1264,https://securityvulnerability.io/vulnerability/CVE-2019-1264,,"A security feature bypass vulnerability exists when Microsoft Office improperly handles input, aka 'Microsoft Office Security Feature Bypass Vulnerability'.",Microsoft,"Microsoft Project,Microsoft Office,Office 365 Proplus",7.8,HIGH,0.0009699999936856329,false,false,false,false,,false,false,2019-09-11T21:24:59.000Z,0
CVE-2019-1033,https://securityvulnerability.io/vulnerability/CVE-2019-1033,,"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1036.",Microsoft,"Microsoft Project Server,Microsoft Sharepoint Foundation,Microsoft Sharepoint Enterprise Server,Microsoft Sharepoint Server",5.4,MEDIUM,0.0006799999973736703,false,false,false,false,,false,false,2019-06-12T13:49:40.000Z,0
CVE-2019-1036,https://securityvulnerability.io/vulnerability/CVE-2019-1036,,"A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2019-1031, CVE-2019-1032, CVE-2019-1033.",Microsoft,"Microsoft Project Server,Microsoft Sharepoint Foundation,Microsoft Sharepoint Enterprise Server,Microsoft Sharepoint Server",5.4,MEDIUM,0.0006799999973736703,false,false,false,false,,false,false,2019-06-12T13:49:40.000Z,0
CVE-2018-8575,https://securityvulnerability.io/vulnerability/CVE-2018-8575,,"A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka ""Microsoft Project Remote Code Execution Vulnerability."" This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.",Microsoft,"Microsoft Project,Office,Microsoft Project Server",7.8,HIGH,0.8542199730873108,false,false,false,false,,false,false,2018-11-14T01:00:00.000Z,0
CVE-2018-8254,https://securityvulnerability.io/vulnerability/CVE-2018-8254,,"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft Project Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8252.",Microsoft,"Microsoft Project Server,Microsoft Sharepoint",5.4,MEDIUM,0.01295000035315752,false,false,false,false,,false,false,2018-06-14T12:00:00.000Z,0
CVE-2018-8156,https://securityvulnerability.io/vulnerability/CVE-2018-8156,,"An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka ""Microsoft SharePoint Elevation of Privilege Vulnerability."" This affects Microsoft SharePoint, Microsoft Project Server. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8168.",Microsoft,"Microsoft Sharepoint,Microsoft Project Server",5.4,MEDIUM,0.01295000035315752,false,false,false,false,,false,false,2018-05-09T19:00:00.000Z,0
CVE-2015-2503,https://securityvulnerability.io/vulnerability/CVE-2015-2503,,"Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 SP2, OneNote 2010 SP2, PowerPoint 2010 SP2, Project 2010 SP2, Publisher 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Pinyin IME 2010, Access 2013 SP1, Excel 2013 SP1, InfoPath 2013 SP1, OneNote 2013 SP1, PowerPoint 2013 SP1, Project 2013 SP1, Publisher 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, OneNote 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Access 2016, Excel 2016, OneNote 2016, PowerPoint 2016, Project 2016, Publisher 2016, Visio 2016, Word 2016, Skype for Business 2016, and Lync 2013 SP1 allow remote attackers to bypass a sandbox protection mechanism and gain privileges via a crafted web site that is accessed with Internet Explorer, as demonstrated by a transition from Low Integrity to Medium Integrity, aka ""Microsoft Office Elevation of Privilege Vulnerability.""",Microsoft,"Word,Onenote,Publisher,Powerpoint,Project Server,Infopath,Access,Excel,Project,Visio,Lync,Skype For Business,Pinyin Ime,Office 2007 Ime",,,0.006819999776780605,false,false,false,false,,false,false,2015-11-11T11:00:00.000Z,0
CVE-2015-1640,https://securityvulnerability.io/vulnerability/CVE-2015-1640,,"Cross-site scripting (XSS) vulnerability in Microsoft Project Server 2010 SP2 and 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka ""Microsoft SharePoint XSS Vulnerability.""",Microsoft,Project Server,,,0.546999990940094,false,false,false,false,,false,false,2015-04-14T20:00:00.000Z,0
CVE-2014-0251,https://securityvulnerability.io/vulnerability/CVE-2014-0251,,"Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1; SharePoint Foundation 2010 SP1 and SP2 and 2013 Gold and SP1; Project Server 2010 SP1 and SP2 and 2013 Gold and SP1; Web Applications 2010 SP1 and SP2; Office Web Apps Server 2013 Gold and SP1; SharePoint Server 2013 Client Components SDK; and SharePoint Designer 2007 SP3, 2010 SP1 and SP2, and 2013 Gold and SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka ""SharePoint Page Content Vulnerability.""",Microsoft,"Project Server,Sharepoint Foundation,Web Applications,Sharepoint Server,Sharepoint Designer,Office Web Apps Server,Sharepoint Services,Sharepoint Server Client Components Sdk",,,0.017109999433159828,false,false,false,false,,false,false,2014-05-14T10:00:00.000Z,0
CVE-2009-0102,https://securityvulnerability.io/vulnerability/CVE-2009-0102,,"Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka ""Project Memory Validation Vulnerability.""",Microsoft,"Office Project,Project Server,Project Portfolio Server",,,0.8968499898910522,false,false,false,false,,false,false,2009-12-09T18:00:00.000Z,0
CVE-2008-4253,https://securityvulnerability.io/vulnerability/CVE-2008-4253,,"The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the ""system state,"" aka ""FlexGrid Control Memory Corruption Vulnerability.""",Microsoft,"Visual Foxpro,Visual Studio .net,Visual Basic,Project,Office Frontpage",,,0.6840500235557556,false,false,false,false,,false,false,2008-12-10T13:33:00.000Z,0
CVE-2008-4255,https://securityvulnerability.io/vulnerability/CVE-2008-4255,,"Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an ""allocation error"" and memory corruption, aka ""Windows Common AVI Parsing Overflow Vulnerability.""",Microsoft,"Visual Foxpro,Visual Studio .net,Visual Basic,Project,Office Frontpage",,,0.9411900043487549,false,false,false,false,,false,false,2008-12-10T13:33:00.000Z,0
CVE-2008-4256,https://securityvulnerability.io/vulnerability/CVE-2008-4256,,"The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the ""system state,"" aka ""Charts Control Memory Corruption Vulnerability.""",Microsoft,"Visual Foxpro,Visual Studio .net,Visual Basic,Project,Office Frontpage",,,0.6840500235557556,false,false,false,false,,false,false,2008-12-10T13:33:00.000Z,0
CVE-2008-4252,https://securityvulnerability.io/vulnerability/CVE-2008-4252,,"The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the ""system state,"" aka ""DataGrid Control Memory Corruption Vulnerability.""",Microsoft,"Visual Foxpro,Visual Studio .net,Visual Basic,Project,Office Frontpage",,,0.6039599776268005,false,false,false,false,,false,false,2008-12-10T13:33:00.000Z,0
CVE-2008-4254,https://securityvulnerability.io/vulnerability/CVE-2008-4254,,"Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the ""system state,"" aka ""Hierarchical FlexGrid Control Memory Corruption Vulnerability.""",Microsoft,"Visual Foxpro,Visual Studio .net,Visual Basic,Project,Office Frontpage",,,0.9618499875068665,false,false,false,false,,false,false,2008-12-10T13:33:00.000Z,0
CVE-2008-3068,https://securityvulnerability.io/vulnerability/CVE-2008-3068,,"Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.",Microsoft,"Frontpage,Sharepoint Designer,Office Communicator,Access,Visio Professional,Outlook,Project Standard,Powerpoint,Infopath,Visio Standard,Windows Live Mail,Publisher,Onenote,Excel,Project Professional,Office,Groove",,,0.05584000051021576,false,false,false,false,,false,false,2008-07-07T23:41:00.000Z,0
CVE-2008-1088,https://securityvulnerability.io/vulnerability/CVE-2008-1088,,"Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of ""memory resource allocations.""",Microsoft,Project,,,0.7604399919509888,false,false,false,false,,false,false,2008-04-08T23:05:00.000Z,0
CVE-2007-0671,https://securityvulnerability.io/vulnerability/CVE-2007-0671,,"Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.",Microsoft,"Frontpage,Project,Access,Outlook,Powerpoint,Office,Excel,Publisher,Word,Infopath,Excel Viewer,Visio,Onenote,Word Viewer",,,0.9559100270271301,false,false,false,false,,false,false,2007-02-03T01:00:00.000Z,0
CVE-2006-5574,https://securityvulnerability.io/vulnerability/CVE-2006-5574,,"Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.",Microsoft,"Visio,Office Proofing Tools,Project Multilingual User Interface Pack,Office Multilingual User Interface Pack,Office",,,0.08664000034332275,false,false,false,false,,false,false,2006-12-31T05:00:00.000Z,0
CVE-2006-6617,https://securityvulnerability.io/vulnerability/CVE-2006-6617,,"projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.",Microsoft,Project Server,,,0.020080000162124634,false,false,false,false,,false,false,2006-12-18T11:00:00.000Z,0