CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

9 matches found

Microsoft SharePoint Server - Authentication Bypass

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. id: CVE-2025-49706 info: name: Microsoft SharePoint Server - Authentication Bypass author: daffainfo severity: medium description: | Improper authentication in Microsoft Offi...

9.8CVSS7.4AI score0.99977EPSS

Exploits41References5

Metasploit•added 2025/08/07 6:52 p.m.•669 views

Microsoft SharePoint Server ToolPane Unauthenticated Remote Code Execution (aka ToolShell)

This module exploits the authentication bypass vulnerabilities CVE-2025-49706 and CVE-2025-53771, and an unsafe deserialization vulnerability CVE-2025-49704, to achieve unauthenticated RCE against a vulnerable Microsoft SharePoint Server. The vulnerability CVE-2025-53770 was disclosed as being a...

9.8CVSS7.4AI score0.99977EPSS

Exploits41

Securelist•added 2025/07/25 7:0 a.m.•11 views

ToolShell: a story of five vulnerabilities in Microsoft SharePoint

On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not require authentication, allowed attackers to gain full control over the infected servers, and were...

9.8CVSS9AI score0.99977EPSS

Exploits51

Positive Technologies•added 2025/07/24 12:0 a.m.•2 views

PT-2025-30663 · Microsoft · Azure Virtual Machine

Name of the Vulnerable Software and Affected Versions: Azure Virtual Machines affected versions not specified Description: Improper access control in Azure Virtual Machines allows an authorized attacker to perform spoofing locally. Recommendations: At the moment, there is no information about a...

7.9CVSS5.9AI score0.00385EPSS

Exploits0References9

Positive Technologies•added 2025/07/22 12:0 a.m.•5 views

PT-2025-30400

Name of the Vulnerable Software and Affected Versions Microchip Time Provider 4100 versions prior to 2.5 Description A flaw exists in Microchip Time Provider 4100 that permits malicious manual software updates due to a missing integrity check during code download. Recommendations Update to versio...

5.7CVSS5.3AI score0.00082EPSS

Exploits0References4

CISA KEV Catalog•added 2025/07/22 12:0 a.m.•16 views

Microsoft SharePoint Code Injection Vulnerability

Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust...

9.8CVSS8.9AI score0.99977EPSS

In wildExploits41

OSV•added 2025/07/08 5:15 p.m.•2 views

CVE-2025-49706

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...

6.5CVSS5.8AI score0.99879EPSS

Exploits9References3

Vulnrichment•added 2025/07/08 4:58 p.m.•4 views

CVE-2025-49706 Microsoft SharePoint Server Spoofing Vulnerability

...

6.5CVSS7.2AI score0.99879EPSS

Exploits9References1

Circl•added 2025/07/08 3:0 a.m.•19 views

CVE-2025-49706

creationtimestamp| type| source ---|---|--- 2025-07-08 03:00:00+00:00| seen| http://www.zerodayinitiative.com/advisories/ZDI-25-580/ 2025-07-08 15:56:31+00:00| seen| https://www.thezdi.com/blog/2025/7/8/the-july-2025-security-update-review 2025-07-14 13:00:56+00:00| seen|...

6.5CVSS7.2AI score0.99879EPSS

Exploits9References124

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by