Microsoft Patches SharePoint RCE Flaw CVE-2026-45659 Across Server Versions

Microsoft has rolled out updates to fix a remote code execution vulnerability impacting SharePoint that could be exploited by bad actors in attacks without requiring any specialized conditions to be met. The vulnerability, tracked as CVE-2026-45659 , carries a CVSS score of 8.8. It has been...

Microsoft SharePoint 代码问题漏洞

Microsoft SharePoint is a corporate business collaboration platform developed by Microsoft Corporation in the United States. This platform is used for integrating business information and enabling sharing of work, collaboration with others, organization of projects and teams, as well as searching...

Description of the security update for SharePoint Server 2019 Language Pack: January 13, 2026 (KB5002823)

Description of the security update for SharePoint Server 2019 Language Pack: January 13, 2026 KB5002823 Summary Important: If you're running 2013-type workflows, you mustinstall the August 2025 update for SharePoint Workflow Manager to your farm before you install this cumulative update.​​​​​​​ I...

Microsoft SharePoint SQL注入漏洞

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing work, collaborating with others, organizing projects and workgroups, and searching for people and information. An SQL injection...

Microsoft Word 资源管理错误漏洞

Microsoft Word is a word processing software in the Office suite of the U.S. company Microsoft Microsoft. A code execution vulnerability exists in Microsoft Word, which can be exploited by an attacker to execute arbitrary code on a system...

Description of the security update for SharePoint Server 2019 Language Pack: October 14, 2025 (KB5002798)

Description of the security update for SharePoint Server 2019 Language Pack: October 14, 2025 KB5002798 Summary Important: If you're running 2013-type workflows, you mustinstall the August 2025 update for SharePoint Workflow Manager to your farm before you install this cumulative update.​​​​​​​ I...

EUVD-2024-31585

Malicious code in bioql PyPI...

Microsoft Word 安全漏洞

Microsoft Word is a word processing software in the Office suite of Microsoft Corporation USA. A security vulnerability exists in Microsoft Word. An attacker exploiting this vulnerability could gain access to sensitive information. The following products and editions are affected:Microsoft...

Description of the security update for SharePoint Server 2019: August 12, 2025 (KB5002769)

Description of the security update for SharePoint Server 2019: August 12, 2025 KB5002769 Summary This security update resolves a Microsoft SharePoint remote code execution vulnerability, Microsoft SharePoint elevation of privilege vulnerability, Microsoft Word remote code execution vulnerability,...

📄 Microsoft SharePoint 2019 NTLM Authentication Information Disclosure

Microsoft SharePoint Central Administration improperly exposes NTLM-authenticated endpoints to low-privileged or even brute-forced domain accounts. Once authenticated, an attacker can access the api/web endpoint, disclosing rich metadata about the SharePoint site, including user group...

CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive...

CVE-2024-33881

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter...

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2 XSS...

Microsoft Office Sharepoint Server 代码问题漏洞

Microsoft Office Sharepoint Server is a web-based content management and collaboration tool designed for enterprise customers by Microsoft. The initial version of the software existed in the form of Office components, and is still greatly dependent on Office to provide enterprise portals, documen...

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2 XSS...

CVE-2024-34400

The CVE-2024-34400 entry concerns VirtoSoftware Virto Kanban Board Web Part for SharePoint 2019, affected by a cross-site scripting (XSS) vulnerability in the API endpoint /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx (LinkTitle2) prior to version 5.3.5.1. Root cause details are not ex...

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2 XSS...

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2 XSS...

PT-2024-25858 · Virtosoftware +1 · Virto Kanban Board Web Part +1

Name of the Vulnerable Software and Affected Versions: VirtoSoftware Virto Kanban Board Web Part versions prior to 5.3.5.1 for SharePoint 2019 Description: An issue was discovered in the software, specifically with the "/ layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx" API endpoint, where...

CVE-2024-33881

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter...