Sharepoint Server Security Vulnerabilities and Issues — Sharepoint Server CVE List

Lucene search

MicrosoftSharepoint Server

460 matches found

CVE•added 2019/03/06 12:0 a.m.•1570 views

CVE-2019-0604

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.

9.8CVSS9.5AI score0.94411EPSS

CVE•added 2020/07/14 11:15 p.m.•1271 views

CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

7.8CVSS8.1AI score0.92846EPSS

CVE•added 2015/04/14 8:59 p.m.•1154 views

CVE-2015-1641

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitra...

9.3CVSS9.4AI score0.9353EPSS

CVE•added 2019/01/08 9:29 p.m.•1134 views

CVE-2019-0585

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsof...

9.3CVSS8.3AI score0.32912EPSS

CVE•added 2014/03/25 1:24 p.m.•996 views

CVE-2014-1761

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers ...

9.3CVSS9.3AI score0.92827EPSS

CVE•added 2012/12/12 12:55 a.m.•944 views

CVE-2012-2539

Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote ...

9.3CVSS8.2AI score0.81896EPSS

CVE•added 2017/10/13 1:29 p.m.•914 views

CVE-2017-11826

Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly h...

9.3CVSS7.9AI score0.89654EPSS

CVE•added 2023/02/14 8:15 p.m.•575 views

CVE-2023-21716

Microsoft Word Remote Code Execution Vulnerability

9.8CVSS9.6AI score0.91212EPSS

CVE•added 2022/02/09 5:15 p.m.•548 views

CVE-2022-22005

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.06013EPSS

CVE•added 2023/06/14 12:15 a.m.•546 views

CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability

9.8CVSS9.6AI score0.94356EPSS

CVE•added 2023/09/12 5:15 p.m.•537 views

CVE-2023-36762

Microsoft Word Remote Code Execution Vulnerability

7.3CVSS7.3AI score0.00128EPSS

CVE•added 2020/07/14 11:15 p.m.•514 views

CVE-2020-1025

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.To exploit this vulnerability, an ...

9.8CVSS9.4AI score0.09917EPSS

CVE•added 2018/12/12 12:29 a.m.•482 views

CVE-2018-8628

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, ...

9.3CVSS6.1AI score0.35597EPSS

CVE•added 2023/09/12 5:15 p.m.•445 views

CVE-2023-36764

Microsoft SharePoint Server Elevation of Privilege Vulnerability

8.8CVSS8.5AI score0.01061EPSS

CVE•added 2020/03/12 4:15 p.m.•409 views

CVE-2020-0894

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0893.

5.4CVSS5.1AI score0.00898EPSS

CVE•added 2020/04/15 3:15 p.m.•400 views

CVE-2020-0929

8.8CVSS8.3AI score0.30943EPSS

CVE•added 2020/10/16 11:15 p.m.•378 views

CVE-2020-16952

<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoin...

8.6CVSS8.1AI score0.77373EPSS

CVE•added 2018/04/12 1:29 a.m.•376 views

CVE-2018-1028

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.

9.3CVSS8.3AI score0.29608EPSS

CVE•added 2023/05/09 6:15 p.m.•346 views

CVE-2023-24955

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS8.6AI score0.92058EPSS

CVE•added 2020/09/11 5:15 p.m.•331 views

CVE-2020-1210

9.9CVSS9.2AI score0.01305EPSS

CVE•added 2020/06/09 8:15 p.m.•326 views

CVE-2020-1181

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

8.8CVSS8.6AI score0.50181EPSS

CVE•added 2020/04/15 3:15 p.m.•298 views

CVE-2020-0932

8.8CVSS8.3AI score0.30943EPSS

CVE•added 2019/07/15 7:15 p.m.•271 views

CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

7.5CVSS7.8AI score0.03045EPSS

CVE•added 2022/02/09 5:15 p.m.•258 views

CVE-2022-21968

Microsoft SharePoint Server Security Feature Bypass Vulnerability

4.3CVSS6.1AI score0.01618EPSS

CVE•added 2022/05/10 9:15 p.m.•256 views

CVE-2022-29108

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.03829EPSS

CVE•added 2025/02/11 6:15 p.m.•252 views

CVE-2025-21400

Microsoft SharePoint Server Remote Code Execution Vulnerability

8CVSS8AI score0.00345EPSS

CVE•added 2020/10/16 11:15 p.m.•244 views

CVE-2020-16951

8.6CVSS8.1AI score0.01431EPSS

CVE•added 2019/03/06 12:0 a.m.•241 views

CVE-2019-0594

8.8CVSS9.5AI score0.94411EPSS

CVE•added 2024/07/09 5:15 p.m.•241 views

CVE-2024-38094

Microsoft SharePoint Remote Code Execution Vulnerability

7.2CVSS7.5AI score0.84422EPSS

CVE•added 2021/05/11 7:15 p.m.•240 views

CVE-2021-31181

Microsoft SharePoint Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.18584EPSS

CVE•added 2017/05/12 2:29 p.m.•238 views

CVE-2017-0281

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Serve...

9.3CVSS8.1AI score0.92255EPSS

CVE•added 2024/03/12 5:15 p.m.•234 views

CVE-2024-21426

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.01233EPSS

CVE•added 2020/04/15 3:15 p.m.•212 views

CVE-2020-0931

8.8CVSS8.3AI score0.30943EPSS

CVE•added 2021/10/13 1:15 a.m.•205 views

CVE-2021-41344

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS7.8AI score0.06488EPSS

CVE•added 2022/06/15 10:15 p.m.•200 views

CVE-2022-30172

Microsoft Office Information Disclosure Vulnerability

5.5CVSS6AI score0.04622EPSS

CVE•added 2023/01/10 10:15 p.m.•197 views

CVE-2023-21742

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.16675EPSS

CVE•added 2021/06/08 11:15 p.m.•192 views

CVE-2021-31950

Microsoft SharePoint Server Spoofing Vulnerability

8.1CVSS7.4AI score0.02015EPSS

CVE•added 2021/11/10 1:19 a.m.•191 views

CVE-2021-40442

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.03015EPSS

CVE•added 2023/05/09 6:15 p.m.•191 views

CVE-2023-24954

Microsoft SharePoint Server Information Disclosure Vulnerability

6.5CVSS6.4AI score0.02411EPSS

CVE•added 2023/11/14 6:15 p.m.•190 views

CVE-2023-38177

Microsoft SharePoint Server Remote Code Execution Vulnerability

6.8CVSS6.7AI score0.0083EPSS

CVE•added 2023/01/10 10:15 p.m.•189 views

CVE-2023-21743

Microsoft SharePoint Server Security Feature Bypass Vulnerability

5.3CVSS6.4AI score0.0263EPSS

CVE•added 2021/10/13 1:15 a.m.•185 views

CVE-2021-40486

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.02746EPSS

CVE•added 2022/01/11 9:15 p.m.•184 views

CVE-2022-21837

Microsoft SharePoint Server Remote Code Execution Vulnerability

9CVSS8.6AI score0.09593EPSS

CVE•added 2020/07/14 11:15 p.m.•179 views

CVE-2020-1446

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.

8.8CVSS8.8AI score0.43263EPSS

CVE•added 2018/08/15 5:29 p.m.•176 views

CVE-2018-8378

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft SharePoint Server, Microso...

5.5CVSS4.9AI score0.23003EPSS

CVE•added 2020/10/16 11:15 p.m.•176 views

CVE-2020-16929

<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with admin...

7.8CVSS7.9AI score0.11232EPSS

CVE•added 2018/09/13 12:29 a.m.•175 views

CVE-2018-8426

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.

5.4CVSS5.5AI score0.00257EPSS

CVE•added 2020/04/15 3:15 p.m.•175 views

CVE-2020-0974

8.8CVSS8.3AI score0.30943EPSS

CVE•added 2024/01/09 6:15 p.m.•175 views

CVE-2024-21318

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.6AI score0.15075EPSS

CVE•added 2021/10/13 1:15 a.m.•173 views

CVE-2021-40487

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS7.8AI score0.01524EPSS