Microsoft SharePoint Server - Remote Code Execution (ToolShell)

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. This vulnerability is part of the ToolShell exploit chain and when combined with CVE-2025-53771 authentication bypass, enables unauthenticated remote code...

Microsoft SharePoint - Remote Code Execution

Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package. id: CVE-2020-16952 info: name: Microsoft SharePoint - Remote Code Execution author: dwisiswant0 severity: high description: Microsoft SharePoint is vulnerabl...

Microsoft SharePoint Server - Authentication Bypass (ToolShell)

Microsoft Office SharePoint Server contains an improper authentication vulnerability that allows unauthorized attackers to perform spoofing over a network. By crafting a POST request to /layouts/15/ToolPane.aspx with a forged Referer header /layouts/SignOut.aspx, attackers can bypass authenticati...

Microsoft SharePoint Server - Authentication Bypass

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. id: CVE-2025-49706 info: name: Microsoft SharePoint Server - Authentication Bypass author: daffainfo severity: medium description: | Improper authentication in Microsoft Offi...

CVE-2026-47294

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

Support Statement — Impact of SharePoint Service Prioritization on Veeam Backup Performance

Article Applicability This article is regarding SharePoint Service Prioritization, a paid, consumption-based Microsoft Azure feature billed through the customer's Microsoft Azure subscription. It affects only SharePoint and OneDrive backup performance. Exchange Online uses a different throttling...

CVE-2026-47294

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

EUVD-2026-33745

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

CVE-2026-47294 Microsoft SharePoint Server Remote Code Execution Vulnerability

...

CVE-2026-47294

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

CVE-2026-47294

CVE-2026-47294 describes a SharePoint Server remote code execution via deserialization of untrusted data in Microsoft Office SharePoint. The vulnerability allows an authenticated, network-connected attacker to potentially run code on the affected server. The linked Microsoft advisories indicate t...

CVE-2026-47294 Microsoft SharePoint Server Remote Code Execution Vulnerability

...

Exploit for Deserialization of Untrusted Data in Microsoft

Security Deserialization CVE-2026-45659 Overview A HIGH...

Description of the security update for SharePoint Server 2019: May 12, 2026 (KB5002870)

Description of the security update for SharePoint Server 2019: May 12, 2026 KB5002870 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're currently...

Microsoft SharePoint Server Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

Description of the security update for SharePoint Server Subscription Edition: May 12, 2026 (KB5002863)

Description of the security update for SharePoint Server Subscription Edition: May 12, 2026 KB5002863 Summary Important: If you're currently running SharePoint Workflow Manager, you must install SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you'r...

Description of the security update for SharePoint Server 2016: May 12, 2026 (KB5002868)

Description of the security update for SharePoint Server 2016: May 12, 2026 KB5002868 Summary Important: If you're currently running SharePoint Workflow Manager, you must install the SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you're currently...

Microsoft Office SharePoint Operating System Command Injection Vulnerability

Microsoft Office SharePoint is an enterprise content collaboration and document management platform developed by Microsoft Corporation. Microsoft Office SharePoint has a vulnerability related to operating system command injection. This vulnerability stems from deserialized untrusted data, which...

PT-2026-45539

Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Deserialization of untrusted data allows an authorized attacker to execute arbitrary code over a network, which can affect the system. Deserialization is the process of...

Exploit for CVE-2026-45659

CVE-2026-45659 SharePoint Deserialization RCE Overview E...