This page lists publicly disclosed CVE vulnerabilities affecting microsoft powerpoint (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-41102 | Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally. | [email protected] | 7.1 | 0.04% | 2026-05-12 | 2026-05-16 |
| CVE-2026-26133 | AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | [email protected] | 7.1 | 0.05% | 2026-03-16 | 2026-04-09 |
| CVE-2025-59238 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | [email protected] | 7.8 | 0.06% | 2025-10-14 | 2025-10-16 |
| CVE-2025-54908 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | [email protected] | 7.8 | 0.21% | 2025-09-09 | 2025-09-12 |
| CVE-2025-53761 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | [email protected] | 7.8 | 0.90% | 2025-08-12 | 2025-08-15 |
| CVE-2025-49705 | Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | [email protected] | 7.8 | 0.67% | 2025-07-08 | 2025-07-16 |
| CVE-2025-49699 | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | [email protected] | 7.0 | 0.35% | 2025-07-08 | 2025-07-15 |
| CVE-2025-47175 | Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally. | [email protected] | 7.8 | 0.98% | 2025-06-10 | 2025-07-09 |
| CVE-2024-39804 | A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | [email protected] | 7.1 | 0.06% | 2024-12-18 | 2025-08-25 |
| CVE-2024-38171 | Microsoft PowerPoint Remote Code Execution Vulnerability | [email protected] | 7.8 | 0.51% | 2024-08-13 | 2024-08-16 |
| CVE-2024-20673 | Microsoft Office Remote Code Execution Vulnerability | [email protected] | 7.8 | 0.41% | 2024-02-13 | 2026-05-19 |
| CVE-2022-26903 | Windows Graphics Component Remote Code Execution Vulnerability | [email protected] | 7.8 | 2.02% | 2022-04-15 | 2024-11-21 |
| CVE-2021-27056 | Microsoft PowerPoint Remote Code Execution Vulnerability | [email protected] | 7.8 | 12.75% | 2021-03-11 | 2024-11-21 |
| CVE-2020-17124 | Microsoft PowerPoint Remote Code Execution Vulnerability | [email protected] | 7.8 | 12.93% | 2020-12-10 | 2025-08-28 |
| CVE-2020-0760 | A remote code execution vulnerability exists when Microsoft Office improperly loads arbitrary type libraries, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0991. | [email protected] | 8.8 | 33.49% | 2020-04-15 | 2024-11-21 |
| CVE-2019-1462 | A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'. | [email protected] | 7.8 | 21.31% | 2019-12-10 | 2024-11-21 |
| CVE-2018-8628 | A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server. | [email protected] | 7.8 | 27.53% | 2018-12-12 | 2024-11-21 |
| CVE-2018-8501 | A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in Protected View, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Office 365 ProPlus, PowerPoint Viewer, Microsoft Office, Microsoft PowerPoint. | [email protected] | 8.8 | 29.93% | 2018-10-10 | 2024-11-21 |
| CVE-2018-8376 | A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft PowerPoint. | [email protected] | 8.8 | 36.40% | 2018-08-15 | 2024-11-21 |
| CVE-2017-8743 | A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8742. | [email protected] | 7.8 | 32.44% | 2017-09-13 | 2026-05-13 |