Every CVE whose affected-product data names Microsoft Onenote, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2004-0200 — CVSS 9.3 (critical): Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows…
CVE-2006-3877 — CVSS 9.3 (critical): Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac…
CVE-2017-8509 — CVSS 8.8 (high): A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office…
CVE-2014-2815 — CVSS 8.8 (high): Microsoft OneNote 2007 SP3 allows remote attackers to execute arbitrary code via a crafted OneNote file that triggers creation of an…
CVE-2025-29822 — CVSS 7.8 (high): Incomplete list of disallowed inputs in Microsoft Office OneNote allows an unauthorized attacker to bypass a security feature locally.
CVE-2017-0197 — CVSS 7.8 (high): Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka…
CVE-2008-3068 — CVSS 7.5 (high): Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation…
CVE-2026-26133 — CVSS 7.1 (high): AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2024-41159 — CVSS 7.1 (high): A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access…