April Microsoft Patch Tuesday

April Microsoft Patch Tuesday. A total of 167 vulnerabilities, about twice as many as in March. There is one vulnerability already being exploited in the wild: 🔻 Spoofing - Microsoft SharePoint Server CVE-2026-32201. ZDI experts say "Spoofing bugs in SharePoint often manifest as cross-site...

April Patch Tuesday fixes two zero-days, including one under active attack

This month’s patch Tuesday looks to remediate 167 security vulnerabilities including two zero-day vulnerabilities, one of which is known to be actively exploited in the wild. This makes April one of those months where “Patch Tuesday” looks more like “patch the entire stack,” from servers and...

Patch Tuesday - April 2026

Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation...

Microsoft SharePoint Server Spoofing Vulnerability

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-26105 Microsoft SharePoint Server Spoofing Vulnerability

...

KLA90810 Multiple vulnerabilities in Microsoft Office

Multiple vulnerabilities were found in Microsoft Office. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft Word can be...

EUVD-2019-9824

Malware in sbrugna...

EUVD-2020-12201

Malware in sbrugna...

EUVD-2019-1430

Malware in sbrugna...

EUVD-2025-20552

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network...

CVE-2019-1259

A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery CSRF.To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka...

CVE-2019-0950

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0949, CVE-2019-0951...

CVE-2024-26251

CVE-2024-26251 refers to a Microsoft SharePoint Server spoofing vulnerability that allows an attacker to impersonate another user when a victim follows a rogue link. Connected sources confirm exploitation depends on social/drive-by user interaction, with root cause in improper spoofing/auth conte...

CVE-2023-23395 Microsoft SharePoint Server Spoofing Vulnerability

...

Microsoft SharePoint 安全漏洞

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. Microsoft SharePoint Server is vulnerable to spoofing. An attacker could exploit the vulnerability with a specially crafted website to spoof content and trick users into believing that the site i...

CVE-2022-21987

Microsoft SharePoint Server Spoofing Vulnerability...

CVE-2021-42320

Microsoft SharePoint Server Spoofing Vulnerability...

CVE-2021-40483 Microsoft SharePoint Server Spoofing Vulnerability

...

Vulnerabilities fixed in Microsoft Office products

Microsoft has fixed vulnerabilities in Office products. A malicious party can exploit the vulnerabilities to execute arbitrary code with user privileges and spoofing. Below is a summary of the various vulnerabilities described by component and the impact. Microsoft Office SharePoint:...

CVE-2021-31172

Microsoft SharePoint Server Spoofing Vulnerability...