Lucene search
K
MicrosoftSharepoint Server

509 matches found

CVE
CVE
added 2019/03/06 12:0 a.m.1647 views

CVE-2019-0604

CVE-2019-0604 affects Microsoft SharePoint and is a remote code execution vulnerability caused by improper checking of the source markup in application packages. Exploitation could run code in the SharePoint server context and farm account over the network (high severity: CVSS v3.1 = 9.8; CVSS 2....

9.8CVSS9.5AI score0.99913EPSS
In wild
CVE
CVE
added 2020/07/14 10:54 p.m.1386 views

CVE-2020-1147

CVE-2020-1147 affects the .NET Framework, SharePoint Server, and Visual Studio. The root cause is improper handling of XML input, specifically a failure to validate the source markup during deserialization, which can lead to remote code execution. The vulnerability is characterized by the ability...

7.8CVSS8.1AI score0.94243EPSS
In wildWeb
CVE
CVE
added 2015/04/14 8:0 p.m.1219 views

CVE-2015-1641

CVE-2015-1641 is a Microsoft Office memory-corruption vulnerability triggered by crafted RTF documents. Affected products include Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoin...

9.3CVSS9.4AI score0.97327EPSS
In wild
CVE
CVE
added 2019/01/08 9:0 p.m.1182 views

CVE-2019-0585

CVE-2019-0585 is a remote code execution vulnerability in Microsoft Word/Office products caused by improper handling of objects in memory. Exploitation could occur via specially crafted Word files, potentially in contexts like email/preview panes, with the attacker gaining the same user rights as...

9.3CVSS8.3AI score0.21967EPSS
CVE
CVE
added 2025/07/20 1:6 a.m.1073 views

CVE-2025-53770

CVE-2025-53770 is a critical remote code execution vulnerability in on-premises Microsoft SharePoint Server, achieved via deserialization of untrusted data and an unauthenticated POST to ToolPane.aspx. The attack chain typically bypasses authentication, retrieves MachineKey values from the web.co...

9.8CVSS6.8AI score0.99982EPSS
In wildWeb
CVE
CVE
added 2014/03/24 7:0 p.m.1062 views

CVE-2014-1761

CVE-2014-1761 is a memory-corruption vulnerability in Microsoft Word triggered by crafted RTF data, allowing remote code execution or memory-corruption denial of service. Affected products include Word 2003 SP3, 2007 SP3, 2010 SP1/SP2, 2013 and 2013 RT, Word Viewer, Office Compatibility Pack SP3,...

9.3CVSS9.3AI score0.77734EPSS
In wild
CVE
CVE
added 2012/12/12 12:0 a.m.996 views

CVE-2012-2539

CVE-2012-2539 is Microsoft Word remote code execution vulnerability caused by parsing crafted RTF data (Word RTF 'listoverridecount'). It affects Word 2003 SP3, 2007 SP2/SP3, 2010 SP1; Word Viewer; Office Compatibility Pack SP2/SP3; and Office Web Apps 2010 SP1. The underlying issue is memory cor...

9.3CVSS8.2AI score0.53159EPSS
In wild
CVE
CVE
added 2017/10/13 1:0 p.m.936 views

CVE-2017-11826

CVE-2017-11826 is a remote code execution flaw in Microsoft Office family (Word, Word Viewer, Office Web Apps Server, SharePoint components, etc.) caused by improper handling of objects in memory. Affected products include Word and related Office/SharePoint servers; exploitation is possible via s...

9.3CVSS7.9AI score0.81627EPSS
In wild
CVE
CVE
added 2023/02/14 7:33 p.m.686 views

CVE-2023-21716

CVE-2023-21716 corresponds to a Microsoft Word/Office remote code execution vulnerability. A heap corruption flaw resides in Word’s wwlib when parsing RTF font tables with an excessive number of fonts in the fonttbl, causing an out-of-bounds write that can lead to arbitrary code execution when a ...

9.8CVSS9.6AI score0.82302EPSS
In wild
CVE
CVE
added 2023/06/13 11:26 p.m.628 views

CVE-2023-29357

CVE-2023-29357 is a Microsoft SharePoint Server Elevation of Privilege vulnerability. The root cause is an incorrect authentication implementation that allows an unauthenticated attacker to spoof JWT authentication tokens, enabling them to execute with administrator privileges on affected SharePo...

9.8CVSS9.6AI score0.99618EPSS
In wild
CVE
CVE
added 2022/02/09 4:36 p.m.594 views

CVE-2022-22005

CVE-2022-22005 – Microsoft SharePoint Server RCE is an authenticated-execution flaw in SharePoint Server. The initial document states that an authenticated user with Manage Lists permissions could cause arbitrary .NET code to run on the SharePoint Web Application service account. Exploitation wou...

8.8CVSS8.8AI score0.16825EPSS
In wild
CVE
CVE
added 2023/09/12 4:58 p.m.570 views

CVE-2023-36762

CVE-2023-36762 is a Microsoft Word remote code execution vulnerability. The available documents confirm an impact on Word and related Word components, with an exploit path requiring user interaction and local access (CVSS 3.1: AV=L, AC=L, PR=None, UI=Required, C/H/I/H/A=L). Public details note po...

7.3CVSS7.3AI score0.01017EPSS
CVE
CVE
added 2020/07/14 10:53 p.m.543 views

CVE-2020-1025

CVE-2020-1025 affects Microsoft SharePoint Server and Skype for Business Server. The vulnerability is an elevation of privilege caused by improper OAuth token validation, enabling an attacker to bypass authentication by modifying the token. The published fixes modify how tokens are validated to a...

9.8CVSS8.1AI score0.05853EPSS
CVE
CVE
added 2018/12/12 12:0 a.m.503 views

CVE-2018-8628

CVE-2018-8628 is a remote code execution vulnerability affecting Microsoft PowerPoint and related Office components (Office, SharePoint, PowerPoint Viewer, etc.) caused by improper handling of objects in memory. The Nessus/OpenVAS entries confirm the vulnerability across PowerPoint and Office pro...

9.3CVSS6.1AI score0.162EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.467 views

CVE-2023-36764

CVE-2023-36764 affects Microsoft SharePoint Server and is an Elevation of Privilege vulnerability. The connected CNVD entry confirms an elevation of privilege issue exists in SharePoint Server; MSRC details indicate a patch exists for SharePoint Server 2019 (KB5002472). The remediation requires i...

8.8CVSS8.5AI score0.02254EPSS
CVE
CVE
added 2020/04/15 3:12 p.m.433 views

CVE-2020-0929

CVE-2020-0929 (SharePoint RCE) : A remote code execution vulnerability in Microsoft SharePoint arises when the product fails to validate the source markup of an application package. Connected sources confirm this as a SharePoint RCE (via uploading a malicious application package) and cite the sam...

8.8CVSS8.3AI score0.10695EPSS
CVE
CVE
added 2020/03/12 3:48 p.m.428 views

CVE-2020-0894

CVE-2020-0894 is a Cross-Site Scripting (XSS) vulnerability in Microsoft SharePoint Server caused by improper sanitization of crafted web requests. The CVE entry details an XSS flaw (distinct from CVE-2020-0893) with a NVD CVSS v3.1 base score of 5.4 (MEDIUM) and CVSS v2 base score of 3.5 (LOW). ...

5.4CVSS5.1AI score0.01299EPSS
CVE
CVE
added 2023/05/09 5:3 p.m.414 views

CVE-2023-24955

CVE-2023-24955 affects Microsoft SharePoint Server and is a remote code execution vulnerability. The CISA/KEV records describe it as a code injection flaw that can be exploited by an authenticated attacker with Site Owner privileges to execute code remotely, indicating attacker-controlled code ex...

7.2CVSS8.6AI score0.85395EPSS
In wildWeb
CVE
CVE
added 2020/10/16 10:18 p.m.406 views

CVE-2020-16952

CVE-2020-16952 is a Microsoft SharePoint Remote Code Execution vulnerability where failure to validate the source markup of an application package allows an attacker to execute arbitrary code in the SharePoint app pool and server farm context. Exploitation requires uploading a specially crafted S...

8.6CVSS8.7AI score0.70894EPSS
In wildWeb
CVE
CVE
added 2020/09/11 5:9 p.m.379 views

CVE-2020-1210

CVE-2020-1210 affects Microsoft SharePoint. A remote code execution flaw arises when SharePoint fails to validate the source markup of an application package; an attacker must have a user upload a crafted SharePoint app package to an affected SharePoint version. The impact is arbitrary code execu...

9.9CVSS9AI score0.0176EPSS
In wild
CVE
CVE
added 2020/06/09 7:43 p.m.353 views

CVE-2020-1181

CVE-2020-1181 affects Microsoft SharePoint Server, where the service may execute remote code when ASP.NET web controls are not properly identified/filtered. The root cause is improper handling of unsafe ASP.NET web controls, enabling an authenticated attacker to run code in the SharePoint applica...

8.8CVSS8.6AI score0.69303EPSS
CVE
CVE
added 2024/07/09 5:3 p.m.343 views

CVE-2024-38094

CVE-2024-38094 is a Microsoft SharePoint deserialization vulnerability that allows remote code execution. Connected sources indicate an authenticated attacker with Site Owner permissions can inject and execute arbitrary code on the SharePoint server, with exploit activity noted in the wild (CISA ...

7.2CVSS7.5AI score0.49979EPSS
In wild
CVE
CVE
added 2020/04/15 3:12 p.m.321 views

CVE-2020-0932

CVE-2020-0932 is a remote code execution vulnerability affecting Microsoft SharePoint. The vulnerability arises when the product fails to validate the source markup of an application package, enabling an attacker to run arbitrary code in the SharePoint context. Connected documents corroborate an ...

8.8CVSS8.3AI score0.31213EPSS
CVE
CVE
added 2025/07/08 4:58 p.m.311 views

CVE-2025-49706

CVE-2025-49706 is an improper authentication vulnerability in Microsoft SharePoint that is exploited as part of the ToolShell chain to gain unauthenticated access and enable further exploitation (e.g., CVE-2025-53770 RCE). Public sources describe exploitation via ToolPane.aspx to bypass auth, lea...

6.5CVSS7.5AI score0.99879EPSS
In wildWeb
CVE
CVE
added 2019/03/06 12:0 a.m.309 views

CVE-2019-0594

CVE-2019-0594 is a Microsoft SharePoint remote code execution vulnerability caused by failing to validate the source markup of an application package. The issue can allow an attacker to execute code in the context of the SharePoint server when the package is processed. The description specifies S...

8.8CVSS9.5AI score0.12389EPSS
In wild
CVE
CVE
added 2019/07/15 6:56 p.m.309 views

CVE-2019-1006

CVE-2019-1006 corresponds to an authentication bypass vulnerability in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF) that allows signing SAML tokens with arbitrary symmetric keys. The connected Nessus entries reiterate this issue as part of Microsoft SharePoint serv...

7.5CVSS7.8AI score0.06024EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.307 views

CVE-2017-0281

CVE-2017-0281 / CVE-2017-0262 describe a remote code execution flaw in Microsoft Office and related components triggered by memory handling errors while processing specially crafted Office files (EPS in particular). Affected products include Office 2010 SP2, Office 2013 SP1, Office 2016, and broa...

9.3CVSS8.1AI score0.80734EPSS
In wild
CVE
CVE
added 2025/07/20 10:16 p.m.302 views

CVE-2025-53771

CVE-2025-53771 is an authentication spoofing (patch-bypass) vulnerability in Microsoft SharePoint Server on-premises, enabling bypass of access checks on /layouts/15/ToolPane.aspx (DisplayMode=Edit) via crafted Referer headers. Connected docs also describe a related RCE chain when paired with CVE...

6.5CVSS7.5AI score0.99911EPSS
In wildWeb
CVE
CVE
added 2022/02/09 4:36 p.m.287 views

CVE-2022-21968

Technical details about CVE-2022-21968 are not provided in the supplied connected documents. Monitor for updates from official sources to obtain affected products, root cause, impact, and remediation information.

4.3CVSS6.1AI score0.02134EPSS
CVE
CVE
added 2022/05/10 8:34 p.m.281 views

CVE-2022-29108

CVE-2022-29108 affects Microsoft SharePoint Server. The connected docs confirm a remote code execution vulnerability with high impact (CVSS 3.1 base 8.8; CVSS 2.0 base 6.5). Remediation: apply the security update KB5002203 for SharePoint Foundation 2013 and follow Microsoft guidance to mitigate. ...

8.8CVSS8.7AI score0.10872EPSS
CVE
CVE
added 2025/07/08 4:58 p.m.277 views

CVE-2025-49704

CVE-2025-49704 (SharePoint on‑premises) is part of the ToolShell chain that combines CVE-2025-49706 (authentication bypass) with a deserialization/RCE flaw. Public docs describe unauthenticated or spoofed-access POSTs to ToolPane.aspx, enabling remote code execution and post‑exploitation activity...

8.8CVSS6.9AI score0.99907EPSS
In wild
CVE
CVE
added 2021/05/11 7:11 p.m.276 views

CVE-2021-31181

CVE-2021-31181 – Microsoft SharePoint RCE is caused by EditingPageParser.VerifyControlOnSafeList failing to validate user input, enabling an attacker with SPBasePermissions.ManageLists to craft a SOAP payload that leaks the ViewState validation key and deserializes via LosFormatter (ysoserial.NET...

8.8CVSS8.7AI score0.30045EPSS
Web
CVE
CVE
added 2025/02/11 5:58 p.m.276 views

CVE-2025-21400

CVE-2025-21400 is a Microsoft SharePoint Server remote code execution vulnerability. Connected advisories confirm affected product is SharePoint Server with RCE impact and a CVSS v3.1 base score of 8.0 (High). Patches are available: KB5002681 (SharePoint Server Subscription Edition) and KB5002685...

8CVSS8AI score0.29778EPSS
CVE
CVE
added 2020/10/16 10:18 p.m.267 views

CVE-2020-16951

CVE-2020-16951 affects Microsoft SharePoint Server where the product fails to validate the source markup of an uploaded application package. The root cause is incorrect checking of source markup during package processing, enabling arbitrary code execution in the SharePoint application pool and fa...

8.6CVSS8.7AI score0.01309EPSS
In wildWeb
CVE
CVE
added 2024/03/12 4:57 p.m.262 views

CVE-2024-21426

CVE-2024-21426 is a Microsoft SharePoint Server remote code execution vulnerability. Publicly documented impact affects multiple SharePoint products, including SharePoint Server 2019, SharePoint Server Subscription Edition, SharePoint Enterprise Server 2016, and related on-premises deployments. R...

7.8CVSS7.7AI score0.03901EPSS
CVE
CVE
added 2020/04/15 3:12 p.m.238 views

CVE-2020-0931

CVE-2020-0931 is a remote code execution vulnerability in Microsoft SharePoint caused by the product failing to validate the source markup of an application package. The connected Nessus findings describe this as part of a set of SharePoint vulnerabilities, noting several RCEs that involve upload...

8.8CVSS8.3AI score0.10695EPSS
CVE
CVE
added 2021/10/13 12:27 a.m.236 views

CVE-2021-40486

CVE-2021-40486 is a Microsoft Word remote code execution vulnerability. It can be triggered by viewing a specially crafted Word document, with attack vectors potentially including the Preview Pane. Microsoft released a patch (KB5002004) in Oct 2021 addressing Word RCE (Word 2016 context in the KB...

7.8CVSS7.7AI score0.05692EPSS
CVE
CVE
added 2023/01/10 12:0 a.m.227 views

CVE-2023-21742

CVE-2023-21742 affects Microsoft SharePoint Server family. A GitHub PoC for CVE-2023-21742 demonstrates an Improper Access Control path in SharePoint’s webpartpages (POST to _vti_bin/webpartpages.asmx, ConvertWebPartFormat) that leaks an attribute/property; the PoC explicitly notes it is not a fu...

8.8CVSS8.8AI score0.55786EPSS
CVE
CVE
added 2021/10/13 12:28 a.m.218 views

CVE-2021-41344

Technical details for CVE-2021-41344 are not provided in the connected documents. Public information about affected products, root cause, impact, or fix is not available here. Monitor for updates from official sources.

8.8CVSS7.8AI score0.06131EPSS
CVE
CVE
added 2022/06/15 9:52 p.m.218 views

CVE-2022-30172

CVE-2022-30172 is an Microsoft Office information disclosure vulnerability. Connected documents indicate remediation via Microsoft security updates KB5002062/KB5002222/KB5002224/KB5002214 addressing Office/SharePoint components in various Server editions. Exploitation details and affected product...

5.5CVSS6AI score0.02602EPSS
CVE
CVE
added 2018/01/10 1:0 a.m.213 views

CVE-2018-0797

CVE-2018-0797 affects Microsoft Word components in Office 2010/2013/2016 where remote code execution can occur through specially crafted RTF content due to memory handling. Public details show Word memory corruption vulnerability enabling code execution when opening malicious files. Microsoft rel...

9.3CVSS8.2AI score0.24764EPSS
In wild
CVE
CVE
added 2023/05/09 5:3 p.m.212 views

CVE-2023-24954

Public technical details (affected product, root cause, impact, or fixes) for CVE-2023-24954 are not provided in the connected documents. Monitor for updates from official advisories.

6.5CVSS6.4AI score0.01786EPSS
CVE
CVE
added 2021/06/08 10:46 p.m.211 views

CVE-2021-31950

CVE-2021-31950 is an on‑premises Microsoft SharePoint Server spoofing vulnerability (CWE: spoofing) with a documented SSRF/Server‑Side Request Forgery angle. Public details tie exploitation to SharePoint Server 16.0.x (example: 16.0.10372.20060) via GetXmlDataFromDataSource, enabling content spoo...

8.1CVSS7.4AI score0.04563EPSS
Web
CVE
CVE
added 2020/04/15 3:13 p.m.208 views

CVE-2020-0974

CVE-2020-0974 corresponds to a remote code execution vulnerability in Microsoft SharePoint: when the product fails to validate the source markup of an application package. Connected Nessus entries indicate multiple SharePoint-focused RCEs across several server versions, e.g., SharePoint Server 20...

8.8CVSS8.3AI score0.10695EPSS
CVE
CVE
added 2023/01/10 12:0 a.m.206 views

CVE-2023-21743

Mode C CVE-2023-21743 affects Microsoft SharePoint Server and is a security feature bypass vulnerability. An unauthenticated attacker could bypass authentication and establish an anonymous connection to a vulnerable SharePoint farm. Exploitation requires triggering a SharePoint upgrade action, wh...

5.3CVSS6.4AI score0.01124EPSS
CVE
CVE
added 2022/01/11 8:22 p.m.205 views

CVE-2022-21837

CVE-2022-21837 is a remote code execution vulnerability in Microsoft SharePoint Server (on‑prem). Connected sources confirm that exploitation could allow an attacker to run arbitrary code on the SharePoint server (e.g., potentially escalate to SharePoint admin) if the vulnerable SharePoint Server...

9CVSS8.6AI score0.03023EPSS
CVE
CVE
added 2023/11/14 5:57 p.m.205 views

CVE-2023-38177

CVE-2023-38177 is a Microsoft SharePoint Server remote code execution vulnerability. Public updates exist for multiple SharePoint products to remediate it: SharePoint Server 2016/Enterprise Server: KB5002517 (build 16.0.5422.1000) SharePoint Server 2019: KB5002526 (build 16.0.10404.20003) SharePo...

6.8CVSS6.7AI score0.03409EPSS
CVE
CVE
added 2019/08/14 8:55 p.m.204 views

CVE-2019-1201

CVE-2019-1201 affects Microsoft Word; it is a remote code execution in Word’s memory handling when processing crafted files. Exploitation requires a user to open a specially crafted Word document, with attack vectors including email attachments (or previews in Outlook) and web-hosted files. The v...

9.3CVSS8AI score0.0486EPSS
CVE
CVE
added 2024/01/09 5:57 p.m.202 views

CVE-2024-21318

CVE-2024-21318 affects Microsoft SharePoint Server and is described as a remote code execution vulnerability. The CVE entry lists a CVSS v3.1 base score of 8.8 ( HIGH ) with network attack vector, low attack complexity, and privileges required as LOW, no user interaction, and impact on confidenti...

8.8CVSS8.6AI score0.30801EPSS
CVE
CVE
added 2020/07/14 10:54 p.m.201 views

CVE-2020-1446

The CVE-2020-1446 entry describes a remote code execution vulnerability in Microsoft Word arising from improper handling of memory objects. The vulnerability affects Microsoft Word and allows an attacker to craft a file that, when opened by a user, could execute actions in the security context of...

8.8CVSS8.8AI score0.11278EPSS
Total number of security vulnerabilities509