teams

Published Aug 8, 2023

CVE-2023-29330

HIGH8.8

Microsoft Teams Remote Code Execution Vulnerability

microsoft / teams+3

Published Aug 8, 2023

CVE-2023-4863

HIGH8.8

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

google / chrome+19

Published Sep 12, 2023

CVE-2026-21535

HIGH8.2

Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.

Published Feb 19, 2026

CVE-2019-5922

HIGH7.8

Untrusted search path vulnerability in The installer of Microsoft Teams allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Published Mar 12, 2019

CVE-2020-17091

HIGH7.8

Microsoft Teams Remote Code Execution Vulnerability

Published Nov 11, 2020

CVE-2022-21965

HIGH7.5

Microsoft Teams Denial of Service Vulnerability

microsoft / teams+2

microsoft / dynamics_365_guides+7

Published Feb 9, 2022

CVE-2025-53783

HIGH7.5

Heap-based buffer overflow in Microsoft Teams allows an unauthorized attacker to execute code over a network.

Published Aug 12, 2025

CVE-2024-42004

HIGH7.1

A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Published Dec 18, 2024

CVE-2024-41145

HIGH7.1

A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Published Dec 18, 2024

CVE-2024-41138

HIGH7.1

A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.

Published Dec 18, 2024

CVE-2025-49737

HIGH7.0

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Teams allows an authorized attacker to elevate privileges locally.

Published Jul 8, 2025

CVE-2024-38197

MEDIUM6.5

Microsoft Teams for iOS Spoofing Vulnerability

Published Aug 13, 2024

CVE-2023-24881

MEDIUM6.5

Microsoft Teams Information Disclosure Vulnerability

Published Jul 11, 2023

CVE-2021-24114

MEDIUM5.7

Microsoft Teams iOS Information Disclosure Vulnerability

Published Feb 25, 2021

CVE-2020-10146

MEDIUM5.7

The Microsoft Teams online service contains a stored cross-site scripting vulnerability in the displayName parameter that can be exploited on Teams clients to obtain sensitive information such as authentication tokens and to possibly execute arbitrary commands. This vulnerability was fixed for all Teams users in the online service on or around October 2020.

Published Dec 9, 2020

CVE-2024-21374

MEDIUM5.0

Microsoft Teams for Android Information Disclosure Vulnerability