Lucene search
K
MicrosoftSharepoint Enterprise Server

256 matches found

CVE
CVE
added 2019/03/06 12:0 a.m.1647 views

CVE-2019-0604

CVE-2019-0604 affects Microsoft SharePoint and is a remote code execution vulnerability caused by improper checking of the source markup in application packages. Exploitation could run code in the SharePoint server context and farm account over the network (high severity: CVSS v3.1 = 9.8; CVSS 2....

9.8CVSS9.5AI score0.99913EPSS
In wild
CVE
CVE
added 2020/07/14 10:54 p.m.1386 views

CVE-2020-1147

CVE-2020-1147 affects the .NET Framework, SharePoint Server, and Visual Studio. The root cause is improper handling of XML input, specifically a failure to validate the source markup during deserialization, which can lead to remote code execution. The vulnerability is characterized by the ability...

7.8CVSS8.1AI score0.94243EPSS
In wildWeb
CVE
CVE
added 2017/10/13 1:0 p.m.937 views

CVE-2017-11826

CVE-2017-11826 is a remote code execution flaw in Microsoft Office family (Word, Word Viewer, Office Web Apps Server, SharePoint components, etc.) caused by improper handling of objects in memory. Affected products include Word and related Office/SharePoint servers; exploitation is possible via s...

9.3CVSS7.9AI score0.81627EPSS
In wild
CVE
CVE
added 2023/02/14 7:33 p.m.686 views

CVE-2023-21716

CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...

9.8CVSS9.6AI score0.82302EPSS
In wild
CVE
CVE
added 2022/02/09 4:36 p.m.594 views

CVE-2022-22005

CVE-2022-22005 – Microsoft SharePoint Server RCE is an authenticated-execution flaw in SharePoint Server. The initial document states that an authenticated user with Manage Lists permissions could cause arbitrary .NET code to run on the SharePoint Web Application service account. Exploitation wou...

8.8CVSS8.8AI score0.16825EPSS
In wild
CVE
CVE
added 2020/07/14 10:53 p.m.543 views

CVE-2020-1025

CVE-2020-1025 affects Microsoft SharePoint Server and Skype for Business Server. The vulnerability is an elevation of privilege caused by improper OAuth token validation, enabling an attacker to bypass authentication by modifying the token. The published fixes modify how tokens are validated to a...

9.8CVSS8.1AI score0.05853EPSS
CVE
CVE
added 2018/12/12 12:0 a.m.503 views

CVE-2018-8628

CVE-2018-8628 is a remote code execution vulnerability affecting Microsoft PowerPoint and related Office components (Office, SharePoint, PowerPoint Viewer, etc.) caused by improper handling of objects in memory. The Nessus/OpenVAS entries confirm the vulnerability across PowerPoint and Office pro...

9.3CVSS6.1AI score0.162EPSS
CVE
CVE
added 2020/04/15 3:12 p.m.433 views

CVE-2020-0929

CVE-2020-0929 (SharePoint RCE) : A remote code execution vulnerability in Microsoft SharePoint arises when the product fails to validate the source markup of an application package. Connected sources confirm this as a SharePoint RCE (via uploading a malicious application package) and cite the sam...

8.8CVSS8.3AI score0.10695EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.428 views

CVE-2020-0894

CVE-2020-0894 is a Cross-Site Scripting (XSS) vulnerability in Microsoft SharePoint Server caused by improper sanitization of crafted web requests. The CVE entry details an XSS flaw (distinct from CVE-2020-0893) with a NVD CVSS v3.1 base score of 5.4 (MEDIUM) and CVSS v2 base score of 3.5 (LOW). ...

5.4CVSS5.1AI score0.01299EPSS
CVE
CVE
added 2023/05/09 5:3 p.m.414 views

CVE-2023-24955

CVE-2023-24955 affects Microsoft SharePoint Server and is a remote code execution vulnerability. The CISA/KEV records describe it as a code injection flaw that can be exploited by an authenticated attacker with Site Owner privileges to execute code remotely, indicating attacker-controlled code ex...

7.2CVSS8.6AI score0.85395EPSS
In wildWeb
CVE
CVE
added 2020/10/16 10:18 p.m.406 views

CVE-2020-16952

CVE-2020-16952 is a Microsoft SharePoint Remote Code Execution vulnerability where failure to validate the source markup of an application package allows an attacker to execute arbitrary code in the SharePoint app pool and server farm context. Exploitation requires uploading a specially crafted S...

8.6CVSS8.7AI score0.70894EPSS
In wildWeb
CVE
CVE
added 2018/04/12 1:0 a.m.393 views

CVE-2018-1028

CVE-2018-1028 is a remote code execution vulnerability in the Office graphics component that occurs when handling specially crafted embedded fonts. It affects Word, Microsoft Office, SharePoint, Excel, and SharePoint Server. Successful exploitation could allow an attacker to take control of the a...

9.3CVSS8.3AI score0.19113EPSS
CVE
CVE
added 2020/09/11 5:9 p.m.379 views

CVE-2020-1210

CVE-2020-1210 affects Microsoft SharePoint. A remote code execution flaw arises when SharePoint fails to validate the source markup of an application package; an attacker must have a user upload a crafted SharePoint app package to an affected SharePoint version. The impact is arbitrary code execu...

9.9CVSS9AI score0.0176EPSS
In wild
CVE
CVE
added 2020/06/09 7:43 p.m.353 views

CVE-2020-1181

CVE-2020-1181 affects Microsoft SharePoint Server, where the service may execute remote code when ASP.NET web controls are not properly identified/filtered. The root cause is improper handling of unsafe ASP.NET web controls, enabling an authenticated attacker to run code in the SharePoint applica...

8.8CVSS8.6AI score0.69303EPSS
CVE
CVE
added 2020/04/15 3:12 p.m.321 views

CVE-2020-0932

CVE-2020-0932 is a remote code execution vulnerability affecting Microsoft SharePoint. The vulnerability arises when the product fails to validate the source markup of an application package, enabling an attacker to run arbitrary code in the SharePoint context. Connected documents corroborate an ...

8.8CVSS8.3AI score0.31213EPSS
CVE
CVE
added 2025/07/08 4:58 p.m.311 views

CVE-2025-49706

CVE-2025-49706 is an improper authentication vulnerability in Microsoft SharePoint that is exploited as part of the ToolShell chain to gain unauthenticated access and enable further exploitation (e.g., CVE-2025-53770 RCE). Public sources describe exploitation via ToolPane.aspx to bypass auth, lea...

6.5CVSS7.5AI score0.99879EPSS
In wildWeb
CVE
CVE
added 2019/03/06 12:0 a.m.309 views

CVE-2019-0594

CVE-2019-0594 is a Microsoft SharePoint remote code execution vulnerability caused by failing to validate the source markup of an application package. The issue can allow an attacker to execute code in the context of the SharePoint server when the package is processed. The description specifies S...

8.8CVSS9.5AI score0.12389EPSS
In wild
CVE
CVE
added 2019/07/15 6:56 p.m.309 views

CVE-2019-1006

CVE-2019-1006 corresponds to an authentication bypass vulnerability in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF) that allows signing SAML tokens with arbitrary symmetric keys. The connected Nessus entries reiterate this issue as part of Microsoft SharePoint serv...

7.5CVSS7.8AI score0.06024EPSS
CVE
CVE
added 2022/02/09 4:36 p.m.287 views

CVE-2022-21968

Technical details about CVE-2022-21968 are not provided in the supplied connected documents. Monitor for updates from official sources to obtain affected products, root cause, impact, and remediation information.

4.3CVSS6.1AI score0.02134EPSS
CVE
CVE
added 2022/05/10 8:34 p.m.281 views

CVE-2022-29108

CVE-2022-29108 affects Microsoft SharePoint Server. The connected docs confirm a remote code execution vulnerability with high impact (CVSS 3.1 base 8.8; CVSS 2.0 base 6.5). Remediation: apply the security update KB5002203 for SharePoint Foundation 2013 and follow Microsoft guidance to mitigate. ...

8.8CVSS8.7AI score0.10872EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.276 views

CVE-2021-31181

CVE-2021-31181 – Microsoft SharePoint RCE is caused by EditingPageParser.VerifyControlOnSafeList failing to validate user input, enabling an attacker with SPBasePermissions.ManageLists to craft a SOAP payload that leaks the ViewState validation key and deserializes via LosFormatter (ysoserial.NET...

8.8CVSS8.7AI score0.30045EPSS
Web
CVE
CVE
added 2020/10/16 10:18 p.m.267 views

CVE-2020-16951

CVE-2020-16951 affects Microsoft SharePoint Server where the product fails to validate the source markup of an uploaded application package. The root cause is incorrect checking of source markup during package processing, enabling arbitrary code execution in the SharePoint application pool and fa...

8.6CVSS8.7AI score0.01309EPSS
In wildWeb
CVE
CVE
added 2020/04/15 3:12 p.m.238 views

CVE-2020-0931

CVE-2020-0931 is a remote code execution vulnerability in Microsoft SharePoint caused by the product failing to validate the source markup of an application package. The connected Nessus findings describe this as part of a set of SharePoint vulnerabilities, noting several RCEs that involve upload...

8.8CVSS8.3AI score0.10695EPSS
CVE
CVE
added 2021/10/13 12:27 a.m.236 views

CVE-2021-40486

CVE-2021-40486 is a Microsoft Word remote code execution vulnerability. It can be triggered by viewing a specially crafted Word document, with attack vectors potentially including the Preview Pane. Microsoft released a patch (KB5002004) in Oct 2021 addressing Word RCE (Word 2016 context in the KB...

7.8CVSS7.7AI score0.05692EPSS
CVE
CVE
added 2021/10/13 12:28 a.m.218 views

CVE-2021-41344

Technical details for CVE-2021-41344 are not provided in the connected documents. Public information about affected products, root cause, impact, or fix is not available here. Monitor for updates from official sources.

8.8CVSS7.8AI score0.06131EPSS
CVE
CVE
added 2021/11/10 12:46 a.m.217 views

CVE-2021-40442

CVE-2021-40442 is a Microsoft Excel remote code execution vulnerability. The connected Nessus/NVIDIA sources reiterate that Excel can be exploited to run arbitrary code (RCE) on the target, with exploitation possible via Microsoft Excel/Office components. The vulnerability is addressed by Microso...

7.8CVSS7.6AI score0.0207EPSS
CVE
CVE
added 2018/01/10 1:0 a.m.213 views

CVE-2018-0797

CVE-2018-0797 affects Microsoft Word components in Office 2010/2013/2016 where remote code execution can occur through specially crafted RTF content due to memory handling. Public details show Word memory corruption vulnerability enabling code execution when opening malicious files. Microsoft rel...

9.3CVSS8.2AI score0.24764EPSS
In wild
CVE
CVE
added 2023/05/09 5:3 p.m.212 views

CVE-2023-24954

Public technical details (affected product, root cause, impact, or fixes) for CVE-2023-24954 are not provided in the connected documents. Monitor for updates from official advisories.

6.5CVSS6.4AI score0.01786EPSS
CVE
CVE
added 2020/04/15 3:13 p.m.208 views

CVE-2020-0974

CVE-2020-0974 corresponds to a remote code execution vulnerability in Microsoft SharePoint: when the product fails to validate the source markup of an application package. Connected Nessus entries indicate multiple SharePoint-focused RCEs across several server versions, e.g., SharePoint Server 20...

8.8CVSS8.3AI score0.10695EPSS
CVE
CVE
added 2023/11/14 5:57 p.m.205 views

CVE-2023-38177

CVE-2023-38177 is a Microsoft SharePoint Server remote code execution vulnerability. Public updates exist for multiple SharePoint products to remediate it: SharePoint Server 2016/Enterprise Server: KB5002517 (build 16.0.5422.1000) SharePoint Server 2019: KB5002526 (build 16.0.10404.20003) SharePo...

6.8CVSS6.7AI score0.03409EPSS
CVE
CVE
added 2019/08/14 8:55 p.m.204 views

CVE-2019-1201

CVE-2019-1201 affects Microsoft Word; it is a remote code execution in Word’s memory handling when processing crafted files. Exploitation requires a user to open a specially crafted Word document, with attack vectors including email attachments (or previews in Outlook) and web-hosted files. The v...

9.3CVSS8AI score0.0486EPSS
CVE
CVE
added 2020/07/14 10:54 p.m.201 views

CVE-2020-1446

The CVE-2020-1446 entry describes a remote code execution vulnerability in Microsoft Word arising from improper handling of memory objects. The vulnerability affects Microsoft Word and allows an attacker to craft a file that, when opened by a user, could execute actions in the security context of...

8.8CVSS8.8AI score0.11278EPSS
CVE
CVE
added 2020/10/16 10:17 p.m.196 views

CVE-2020-16929

CVE-2020-16929 (Microsoft Excel RCE) is a remote code execution vulnerability caused by improper handling of in-memory objects. Successful exploitation requires a user to open a specially crafted Excel file, via email or web-hosted lure. If the user runs with administrative rights, an attacker co...

7.8CVSS8.4AI score0.03424EPSS
CVE
CVE
added 2021/10/13 12:27 a.m.190 views

CVE-2021-40487

Technical details about CVE-2021-40487 are not publicly provided in the supplied documents. Monitor for updates.

8.8CVSS7.8AI score0.46339EPSS
CVE
CVE
added 2021/08/12 6:12 p.m.189 views

CVE-2021-36940

CVE-2021-36940 is a Microsoft SharePoint Server spoofing vulnerability. Public details in connected docs identify affected products as SharePoint Server 2013, 2019, and related server components; root cause involves spoofing access to resources. Remediation is provided via security updates: KB401...

7.6CVSS5.5AI score0.03647EPSS
CVE
CVE
added 2023/05/09 5:3 p.m.188 views

CVE-2023-24950

CVE-2023-24950 is a Microsoft SharePoint Server spoofing vulnerability. Public docs identify affected platforms as SharePoint Server (2016/2019 and Subscription Edition) and describe the root cause as a spoofing flaw in the server, enabling spoofing attacks. The connected Nessus entries tie this ...

6.5CVSS6.5AI score0.67452EPSS
CVE
CVE
added 2020/04/15 3:12 p.m.187 views

CVE-2020-0927

Technical details about CVE-2020-0927 are not publicly provided in the supplied documents. Monitor for updates from official advisories.

5.4CVSS5.2AI score0.01522EPSS
CVE
CVE
added 2022/01/11 8:22 p.m.187 views

CVE-2022-21840

CVE-2022-21840 is a Microsoft Office remote code execution vulnerability. Public documentation notes an Office RCE that can be exploited via social engineering (e.g., opening a malicious attachment or visiting a malicious site) and may require user interaction. The CVSS details indicate high impa...

8.8CVSS8.8AI score0.03115EPSS
CVE
CVE
added 2020/05/21 10:53 p.m.185 views

CVE-2020-1102

CVE-2020-1102 is a remote code execution vulnerability in Microsoft SharePoint where the product fails to check the source markup of an application package. Connected Nessus entries indicate affected suites include: Microsoft SharePoint Server 2016 < 16.0.5005.1000 (multiple vulnerabilities in...

8.8CVSS8.3AI score0.15134EPSS
CVE
CVE
added 2022/01/11 8:22 p.m.180 views

CVE-2022-21842

CVE-2022-21842 is a Microsoft Word remote code execution vulnerability. Connected sources indicate Word-related RCE, with exploits requiring user interaction or social engineering in some contexts, and that patches exist as part of January 2022 updates (e.g., KB5002113/KB5002118 for Word/SharePoi...

7.8CVSS7.8AI score0.02271EPSS
CVE
CVE
added 2021/03/11 3:2 p.m.177 views

CVE-2021-24104

CVE-2021-24104 is a spoofing vulnerability in Microsoft SharePoint Server reported across multiple SharePoint releases (2013, 2016, 2019, and related Server deployments). The connected Nessus/NVD entries corroborate that this issue is part of a set of March 2021 security updates and is addressed ...

5.8CVSS4.9AI score0.01233EPSS
CVE
CVE
added 2020/10/16 10:18 p.m.171 views

CVE-2020-16945

CVE-2020-16945 concerns a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server where specially crafted web requests are not properly sanitized. An authenticated attacker could send such a request and, if successful, execute scripts in the security context of the current user. T...

8.7CVSS7.7AI score0.01547EPSS
CVE
CVE
added 2021/06/08 10:46 p.m.166 views

CVE-2021-26420

CVE-2021-26420 is a Microsoft SharePoint Server Remote Code Execution vulnerability. Connected documents show a Microsoft security update KB5001944 that fixes this issue for SharePoint Server 2019 (64‑bit) and replaces prior updates. The update description confirms the vulnerability involves remo...

8.8CVSS7.2AI score0.02962EPSS
CVE
CVE
added 2021/01/12 7:42 p.m.165 views

CVE-2021-1714

CVE-2021-1714 is an Excel remote code execution vulnerability affecting Microsoft Excel (Office). The connected sources indicate a vulnerability in Excel with a CVSS v3.1 base score of 7.8 (HIGH) and an attack vector LOCAL requiring user interaction, with confidentiality, integrity, and availabil...

7.8CVSS7.8AI score0.03101EPSS
CVE
CVE
added 2021/10/13 12:27 a.m.159 views

CVE-2021-40485

CVE-2021-40485 is described as a Microsoft Excel Remote Code Execution vulnerability. The provided data cites a CVSSv3.1 base score of 7.8 (HIGH), with LOCAL attack vector, LOW attack complexity, NONE privileges required, and user interaction required; impact is HIGH for confidentiality, integrit...

7.8CVSS7.7AI score0.02545EPSS
CVE
CVE
added 2020/06/09 7:43 p.m.158 views

CVE-2020-1148

Technical details for CVE-2020-1148 are not publicly available in the provided documents. Connected sources reference SharePoint spoofing vulnerabilities in general, but do not map concrete affected versions, root cause, or fixes. Monitor for updates.

5.4CVSS5.7AI score0.01402EPSS
CVE
CVE
added 2021/01/12 7:42 p.m.157 views

CVE-2021-1715

CVE-2021-1715 is a Microsoft Word Remote Code Execution vulnerability. The CVE is referenced in several January 2021 security-update advisories (Word/Office products) and appears in Nessus plugins cataloging Word and Office patches alongside related CVEs (e.g., CVE-2021-1716). The connected docum...

9.3CVSS7.8AI score0.03614EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.156 views

CVE-2020-0850

CVE-2020-0850 is a Microsoft Word remote code execution vulnerability. The issue arises when Word fails to correctly handle objects in memory, enabling an attacker to craft a file that, when opened by a user, could execute code in the current user’s security context. Exploitation would require th...

8.8CVSS7.9AI score0.0861EPSS
CVE
CVE
added 2020/09/11 5:9 p.m.155 views

CVE-2020-1198

CVE-2020-1198 is a Microsoft SharePoint Server XSS vulnerability where a crafted request to an affected SharePoint server is not properly sanitized. An authenticated attacker could execute scripts in the user’s browser, access data they aren’t authorized to read, and perform actions in the user’s...

7.4CVSS7.3AI score0.02665EPSS
CVE
CVE
added 2023/02/14 7:33 p.m.150 views

CVE-2023-21717

CVE-2023-21717 affects Microsoft SharePoint Server as an Elevation of Privilege vulnerability. Connected sources confirm affected SharePoint Server family (2013/2016/2019 and Subscription/Foundation variants) with multiple references to CVE-21717 and CVE-21716; the exact root cause is not detaile...

8.8CVSS8.5AI score0.01095EPSS
Total number of security vulnerabilities256