Lucene search
K

8435 matches found

Nuclei
Nuclei
added yesterday78 views

Microsoft SharePoint - Remote Code Execution

Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package. id: CVE-2020-16952 info: name: Microsoft SharePoint - Remote Code Execution author: dwisiswant0 severity: high description: Microsoft SharePoint is vulnerabl...

8.6CVSS7.7AI score0.70894EPSS
Exploits5References5
NVD
NVD
added 2 days ago7 views

CVE-2025-53828

SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use...

8.5CVSS0.00232EPSS
Exploits0References1
CVE
CVE
added 2 days ago12 views

CVE-2025-53828

CVE-2025-53828 describes a SSRF vulnerability in SharePoint for ownCloud prior to 0.4.1 (affecting ownCloud 10 prior to 10.15.3). An attacker with administrative privileges can trigger SSRF to execute arbitrary code on the system. The fixed version is SharePoint for ownCloud 0.4.1, delivered with...

8.5CVSS6.4AI score0.00232EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago36 views

CVE-2025-53828 SharePoint for ownCloud 10 is vulnerable to Server-Side Request Forgery (SSRF)

SharePoint for ownCloud is an application for using SharePoint with the file storage, synchronization, and sharing application ownCloud Classic. In SharePoint for ownCloud prior to version 0.4.1, which corresponds to ownCloud 10 prior to 10.15.3, an attacker with administrative privileges can use...

8.5CVSS0.00232EPSS
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
added 2026/07/01 12:0 a.m.7 views

Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability

Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network...

8.8CVSS7.7AI score0.03219EPSS
In wildExploits4
Veeam
Veeam
added 2026/06/29 12:0 a.m.11 views

Release Information for Veeam Backup for Microsoft 365 8.5

Requirements This release can be used to: upgrade an existing v8, v8.1, v8.2, v8.3, or v8.4 deployment of Veeam Backup for Microsoft 365 to v8.5. install a new deployment of Veeam Backup for Microsoft 365 v8.5. After installing this release, the Veeam Backup for Microsoft 365 build number will be...

5.7AI score
Exploits0Affected Software1
NVD
NVD
added 2026/06/26 8:17 p.m.7 views

CVE-2026-52783

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth accesstoken plaintext to Rails.cache under the deterministic key storage..httpxaccesstoken, repopulated continuously by an...

8.2CVSS0.00129EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52914

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description The Storages module writes the OneDrive/SharePoint userless OAuth access token in plaintext to the Rails.cache using the deterministic key storage..httpx...

8.2CVSS5.8AI score0.00129EPSS
Exploits0References3
Nuclei
Nuclei
added 2026/06/25 1:31 a.m.29 views

Microsoft SharePoint Server - Authentication Bypass

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. id: CVE-2025-49706 info: name: Microsoft SharePoint Server - Authentication Bypass author: daffainfo severity: medium description: | Improper authentication in Microsoft Offi...

9.8CVSS7AI score0.99982EPSS
Exploits41References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 7:31 a.m.8 views

Security Bulletin: Multiple vulnerabilities affect IBM® SDK, Java™ Technology Edition for Content Collector for Email, Content Collector for File Systems and Content Collector for Microsoft SharePoint

Summary IBM SDK, Java Technology Edition Quarterly CPU - Apr 2026 - Includes Oracle April 2026 CPU Critical Patch Update CVE-2026-22016, CVE-2026-22021, CVE-2026-22013, CVE-2026-22018, CVE-2026-34268, CVE-2026-22007 Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable...

7.5CVSS5.9AI score0.00702EPSS
Exploits0Affected Software1
Nuclei
Nuclei
added 2026/06/22 5:20 a.m.34 views

Microsoft SharePoint Server - Remote Code Execution (ToolShell)

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. This vulnerability is part of the ToolShell exploit chain and when combined with CVE-2025-53771 authentication bypass, enables unauthenticated remote code...

9.8CVSS7.7AI score0.99982EPSS
Exploits41References4
Nuclei
Nuclei
added 2026/06/22 5:20 a.m.22 views

Microsoft SharePoint Server - Authentication Bypass (ToolShell)

Microsoft Office SharePoint Server contains an improper authentication vulnerability that allows unauthorized attackers to perform spoofing over a network. By crafting a POST request to /layouts/15/ToolPane.aspx with a forged Referer header /layouts/SignOut.aspx, attackers can bypass authenticati...

9.8CVSS7.7AI score0.99982EPSS
Exploits41References5
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.7 views

CVE-2026-48560

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS7AI score0.00937EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.9 views

CVE-2026-48562

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

4.6CVSS7AI score0.00505EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.7 views

CVE-2026-47641

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS7AI score0.00505EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.9 views

CVE-2026-47640

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS7AI score0.00505EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.8 views

CVE-2026-47639

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS7AI score0.0051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.7 views

CVE-2026-47637

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS7AI score0.00505EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.8 views

CVE-2026-47636

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS7AI score0.0051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.7 views

CVE-2026-47638

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

5.4CVSS7AI score0.00505EPSS
Exploits0References1
Rows per page
Query Builder