256 matches found
CVE-2019-0604
CVE-2019-0604 affects Microsoft SharePoint and is a remote code execution vulnerability caused by improper checking of the source markup in application packages. Exploitation could run code in the SharePoint server context and farm account over the network (high severity: CVSS v3.1 = 9.8; CVSS 2....
CVE-2020-1147
CVE-2020-1147 affects the .NET Framework, SharePoint Server, and Visual Studio. The root cause is improper handling of XML input, specifically a failure to validate the source markup during deserialization, which can lead to remote code execution. The vulnerability is characterized by the ability...
CVE-2017-11826
CVE-2017-11826 is a remote code execution flaw in Microsoft Office family (Word, Word Viewer, Office Web Apps Server, SharePoint components, etc.) caused by improper handling of objects in memory. Affected products include Word and related Office/SharePoint servers; exploitation is possible via s...
CVE-2023-21716
CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...
CVE-2022-22005
CVE-2022-22005 – Microsoft SharePoint Server RCE is an authenticated-execution flaw in SharePoint Server. The initial document states that an authenticated user with Manage Lists permissions could cause arbitrary .NET code to run on the SharePoint Web Application service account. Exploitation wou...
CVE-2020-1025
CVE-2020-1025 affects Microsoft SharePoint Server and Skype for Business Server. The vulnerability is an elevation of privilege caused by improper OAuth token validation, enabling an attacker to bypass authentication by modifying the token. The published fixes modify how tokens are validated to a...
CVE-2018-8628
CVE-2018-8628 is a remote code execution vulnerability affecting Microsoft PowerPoint and related Office components (Office, SharePoint, PowerPoint Viewer, etc.) caused by improper handling of objects in memory. The Nessus/OpenVAS entries confirm the vulnerability across PowerPoint and Office pro...
CVE-2020-0929
CVE-2020-0929 (SharePoint RCE) : A remote code execution vulnerability in Microsoft SharePoint arises when the product fails to validate the source markup of an application package. Connected sources confirm this as a SharePoint RCE (via uploading a malicious application package) and cite the sam...
CVE-2020-0894
CVE-2020-0894 is a Cross-Site Scripting (XSS) vulnerability in Microsoft SharePoint Server caused by improper sanitization of crafted web requests. The CVE entry details an XSS flaw (distinct from CVE-2020-0893) with a NVD CVSS v3.1 base score of 5.4 (MEDIUM) and CVSS v2 base score of 3.5 (LOW). ...
CVE-2023-24955
CVE-2023-24955 affects Microsoft SharePoint Server and is a remote code execution vulnerability. The CISA/KEV records describe it as a code injection flaw that can be exploited by an authenticated attacker with Site Owner privileges to execute code remotely, indicating attacker-controlled code ex...
CVE-2020-16952
CVE-2020-16952 is a Microsoft SharePoint Remote Code Execution vulnerability where failure to validate the source markup of an application package allows an attacker to execute arbitrary code in the SharePoint app pool and server farm context. Exploitation requires uploading a specially crafted S...
CVE-2018-1028
CVE-2018-1028 is a remote code execution vulnerability in the Office graphics component that occurs when handling specially crafted embedded fonts. It affects Word, Microsoft Office, SharePoint, Excel, and SharePoint Server. Successful exploitation could allow an attacker to take control of the a...
CVE-2020-1210
CVE-2020-1210 affects Microsoft SharePoint. A remote code execution flaw arises when SharePoint fails to validate the source markup of an application package; an attacker must have a user upload a crafted SharePoint app package to an affected SharePoint version. The impact is arbitrary code execu...
CVE-2020-1181
CVE-2020-1181 affects Microsoft SharePoint Server, where the service may execute remote code when ASP.NET web controls are not properly identified/filtered. The root cause is improper handling of unsafe ASP.NET web controls, enabling an authenticated attacker to run code in the SharePoint applica...
CVE-2020-0932
CVE-2020-0932 is a remote code execution vulnerability affecting Microsoft SharePoint. The vulnerability arises when the product fails to validate the source markup of an application package, enabling an attacker to run arbitrary code in the SharePoint context. Connected documents corroborate an ...
CVE-2025-49706
CVE-2025-49706 is an improper authentication vulnerability in Microsoft SharePoint that is exploited as part of the ToolShell chain to gain unauthenticated access and enable further exploitation (e.g., CVE-2025-53770 RCE). Public sources describe exploitation via ToolPane.aspx to bypass auth, lea...
CVE-2019-0594
CVE-2019-0594 is a Microsoft SharePoint remote code execution vulnerability caused by failing to validate the source markup of an application package. The issue can allow an attacker to execute code in the context of the SharePoint server when the package is processed. The description specifies S...
CVE-2019-1006
CVE-2019-1006 corresponds to an authentication bypass vulnerability in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF) that allows signing SAML tokens with arbitrary symmetric keys. The connected Nessus entries reiterate this issue as part of Microsoft SharePoint serv...
CVE-2022-21968
Technical details about CVE-2022-21968 are not provided in the supplied connected documents. Monitor for updates from official sources to obtain affected products, root cause, impact, and remediation information.
CVE-2022-29108
CVE-2022-29108 affects Microsoft SharePoint Server. The connected docs confirm a remote code execution vulnerability with high impact (CVSS 3.1 base 8.8; CVSS 2.0 base 6.5). Remediation: apply the security update KB5002203 for SharePoint Foundation 2013 and follow Microsoft guidance to mitigate. ...
CVE-2021-31181
CVE-2021-31181 – Microsoft SharePoint RCE is caused by EditingPageParser.VerifyControlOnSafeList failing to validate user input, enabling an attacker with SPBasePermissions.ManageLists to craft a SOAP payload that leaks the ViewState validation key and deserializes via LosFormatter (ysoserial.NET...
CVE-2020-16951
CVE-2020-16951 affects Microsoft SharePoint Server where the product fails to validate the source markup of an uploaded application package. The root cause is incorrect checking of source markup during package processing, enabling arbitrary code execution in the SharePoint application pool and fa...
CVE-2020-0931
CVE-2020-0931 is a remote code execution vulnerability in Microsoft SharePoint caused by the product failing to validate the source markup of an application package. The connected Nessus findings describe this as part of a set of SharePoint vulnerabilities, noting several RCEs that involve upload...
CVE-2021-40486
CVE-2021-40486 is a Microsoft Word remote code execution vulnerability. It can be triggered by viewing a specially crafted Word document, with attack vectors potentially including the Preview Pane. Microsoft released a patch (KB5002004) in Oct 2021 addressing Word RCE (Word 2016 context in the KB...
CVE-2021-41344
Technical details for CVE-2021-41344 are not provided in the connected documents. Public information about affected products, root cause, impact, or fix is not available here. Monitor for updates from official sources.
CVE-2021-40442
CVE-2021-40442 is a Microsoft Excel remote code execution vulnerability. The connected Nessus/NVIDIA sources reiterate that Excel can be exploited to run arbitrary code (RCE) on the target, with exploitation possible via Microsoft Excel/Office components. The vulnerability is addressed by Microso...
CVE-2018-0797
CVE-2018-0797 affects Microsoft Word components in Office 2010/2013/2016 where remote code execution can occur through specially crafted RTF content due to memory handling. Public details show Word memory corruption vulnerability enabling code execution when opening malicious files. Microsoft rel...
CVE-2023-24954
Public technical details (affected product, root cause, impact, or fixes) for CVE-2023-24954 are not provided in the connected documents. Monitor for updates from official advisories.
CVE-2020-0974
CVE-2020-0974 corresponds to a remote code execution vulnerability in Microsoft SharePoint: when the product fails to validate the source markup of an application package. Connected Nessus entries indicate multiple SharePoint-focused RCEs across several server versions, e.g., SharePoint Server 20...
CVE-2023-38177
CVE-2023-38177 is a Microsoft SharePoint Server remote code execution vulnerability. Public updates exist for multiple SharePoint products to remediate it: SharePoint Server 2016/Enterprise Server: KB5002517 (build 16.0.5422.1000) SharePoint Server 2019: KB5002526 (build 16.0.10404.20003) SharePo...
CVE-2019-1201
CVE-2019-1201 affects Microsoft Word; it is a remote code execution in Word’s memory handling when processing crafted files. Exploitation requires a user to open a specially crafted Word document, with attack vectors including email attachments (or previews in Outlook) and web-hosted files. The v...
CVE-2020-1446
The CVE-2020-1446 entry describes a remote code execution vulnerability in Microsoft Word arising from improper handling of memory objects. The vulnerability affects Microsoft Word and allows an attacker to craft a file that, when opened by a user, could execute actions in the security context of...
CVE-2020-16929
CVE-2020-16929 (Microsoft Excel RCE) is a remote code execution vulnerability caused by improper handling of in-memory objects. Successful exploitation requires a user to open a specially crafted Excel file, via email or web-hosted lure. If the user runs with administrative rights, an attacker co...
CVE-2021-40487
Technical details about CVE-2021-40487 are not publicly provided in the supplied documents. Monitor for updates.
CVE-2021-36940
CVE-2021-36940 is a Microsoft SharePoint Server spoofing vulnerability. Public details in connected docs identify affected products as SharePoint Server 2013, 2019, and related server components; root cause involves spoofing access to resources. Remediation is provided via security updates: KB401...
CVE-2023-24950
CVE-2023-24950 is a Microsoft SharePoint Server spoofing vulnerability. Public docs identify affected platforms as SharePoint Server (2016/2019 and Subscription Edition) and describe the root cause as a spoofing flaw in the server, enabling spoofing attacks. The connected Nessus entries tie this ...
CVE-2020-0927
Technical details about CVE-2020-0927 are not publicly provided in the supplied documents. Monitor for updates from official advisories.
CVE-2022-21840
CVE-2022-21840 is a Microsoft Office remote code execution vulnerability. Public documentation notes an Office RCE that can be exploited via social engineering (e.g., opening a malicious attachment or visiting a malicious site) and may require user interaction. The CVSS details indicate high impa...
CVE-2020-1102
CVE-2020-1102 is a remote code execution vulnerability in Microsoft SharePoint where the product fails to check the source markup of an application package. Connected Nessus entries indicate affected suites include: Microsoft SharePoint Server 2016 < 16.0.5005.1000 (multiple vulnerabilities in...
CVE-2022-21842
CVE-2022-21842 is a Microsoft Word remote code execution vulnerability. Connected sources indicate Word-related RCE, with exploits requiring user interaction or social engineering in some contexts, and that patches exist as part of January 2022 updates (e.g., KB5002113/KB5002118 for Word/SharePoi...
CVE-2021-24104
CVE-2021-24104 is a spoofing vulnerability in Microsoft SharePoint Server reported across multiple SharePoint releases (2013, 2016, 2019, and related Server deployments). The connected Nessus/NVD entries corroborate that this issue is part of a set of March 2021 security updates and is addressed ...
CVE-2020-16945
CVE-2020-16945 concerns a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server where specially crafted web requests are not properly sanitized. An authenticated attacker could send such a request and, if successful, execute scripts in the security context of the current user. T...
CVE-2021-26420
CVE-2021-26420 is a Microsoft SharePoint Server Remote Code Execution vulnerability. Connected documents show a Microsoft security update KB5001944 that fixes this issue for SharePoint Server 2019 (64‑bit) and replaces prior updates. The update description confirms the vulnerability involves remo...
CVE-2021-1714
CVE-2021-1714 is an Excel remote code execution vulnerability affecting Microsoft Excel (Office). The connected sources indicate a vulnerability in Excel with a CVSS v3.1 base score of 7.8 (HIGH) and an attack vector LOCAL requiring user interaction, with confidentiality, integrity, and availabil...
CVE-2021-40485
CVE-2021-40485 is described as a Microsoft Excel Remote Code Execution vulnerability. The provided data cites a CVSSv3.1 base score of 7.8 (HIGH), with LOCAL attack vector, LOW attack complexity, NONE privileges required, and user interaction required; impact is HIGH for confidentiality, integrit...
CVE-2020-1148
Technical details for CVE-2020-1148 are not publicly available in the provided documents. Connected sources reference SharePoint spoofing vulnerabilities in general, but do not map concrete affected versions, root cause, or fixes. Monitor for updates.
CVE-2021-1715
CVE-2021-1715 is a Microsoft Word Remote Code Execution vulnerability. The CVE is referenced in several January 2021 security-update advisories (Word/Office products) and appears in Nessus plugins cataloging Word and Office patches alongside related CVEs (e.g., CVE-2021-1716). The connected docum...
CVE-2020-0850
CVE-2020-0850 is a Microsoft Word remote code execution vulnerability. The issue arises when Word fails to correctly handle objects in memory, enabling an attacker to craft a file that, when opened by a user, could execute code in the current user’s security context. Exploitation would require th...
CVE-2020-1198
CVE-2020-1198 is a Microsoft SharePoint Server XSS vulnerability where a crafted request to an affected SharePoint server is not properly sanitized. An authenticated attacker could execute scripts in the user’s browser, access data they aren’t authorized to read, and perform actions in the user’s...
CVE-2023-21717
CVE-2023-21717 affects Microsoft SharePoint Server as an Elevation of Privilege vulnerability. Connected sources confirm affected SharePoint Server family (2013/2016/2019 and Subscription/Foundation variants) with multiple references to CVE-21717 and CVE-21716; the exact root cause is not detaile...