Sharepoint Server Security Vulnerabilities and Issues — Sharepoint Server CVE List | Vulners.com

Lucene search

K

MicrosoftSharepoint Server

464 matches found

CVE•added 2019/03/06 12:0 a.m.•1605 views

CVE-2019-0604

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.

9.8CVSS9.5AI score0.94411EPSS

CVE•added 2020/07/14 11:15 p.m.•1305 views

CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

7.8CVSS8.1AI score0.92798EPSS

CVE•added 2015/04/14 8:59 p.m.•1187 views

CVE-2015-1641

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitra...

9.3CVSS9.4AI score0.93233EPSS

CVE•added 2019/01/08 9:29 p.m.•1135 views

CVE-2019-0585

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsof...

9.3CVSS8.3AI score0.32912EPSS

CVE•added 2014/03/25 1:24 p.m.•1028 views

CVE-2014-1761

Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Word Viewer; Office Compatibility Pack SP3; Office for Mac 2011; Word Automation Services on SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers ...

9.3CVSS9.3AI score0.92827EPSS

CVE•added 2012/12/12 12:55 a.m.•975 views

CVE-2012-2539

Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; and Office Web Apps 2010 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "Word RTF 'listoverridecount' Remote ...

9.3CVSS8.2AI score0.81896EPSS

CVE•added 2017/10/13 1:29 p.m.•919 views

CVE-2017-11826

Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly h...

9.3CVSS7.9AI score0.89654EPSS

CVE•added 2025/07/20 1:15 a.m.•636 views

CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.Microsoft is preparing and fully testing a comprehensive update to address this vulner...

9.8CVSS6.8AI score0.87002EPSS

CVE•added 2023/02/14 8:15 p.m.•609 views

CVE-2023-21716

Microsoft Word Remote Code Execution Vulnerability

9.8CVSS9.6AI score0.91148EPSS

CVE•added 2023/06/14 12:15 a.m.•583 views

CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability

9.8CVSS9.6AI score0.94356EPSS

CVE•added 2022/02/09 5:15 p.m.•579 views

CVE-2022-22005

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.07047EPSS

CVE•added 2023/09/12 5:15 p.m.•539 views

CVE-2023-36762

Microsoft Word Remote Code Execution Vulnerability

7.3CVSS7.3AI score0.00128EPSS

CVE•added 2020/07/14 11:15 p.m.•517 views

CVE-2020-1025

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.To exploit this vulnerability, an ...

9.8CVSS9.4AI score0.09917EPSS

CVE•added 2018/12/12 12:29 a.m.•484 views

CVE-2018-8628

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, ...

9.3CVSS6.1AI score0.35597EPSS

CVE•added 2023/09/12 5:15 p.m.•448 views

CVE-2023-36764

Microsoft SharePoint Server Elevation of Privilege Vulnerability

8.8CVSS8.5AI score0.01061EPSS

CVE•added 2020/03/12 4:15 p.m.•410 views

CVE-2020-0894

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0893.

5.4CVSS5.1AI score0.00898EPSS

CVE•added 2020/04/15 3:15 p.m.•409 views

CVE-2020-0929

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, C...

8.8CVSS8.3AI score0.28468EPSS

CVE•added 2020/10/16 11:15 p.m.•383 views

CVE-2020-16952

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint s...

8.6CVSS8.1AI score0.77814EPSS

CVE•added 2018/04/12 1:29 a.m.•378 views

CVE-2018-1028

A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server.

9.3CVSS8.3AI score0.35708EPSS

CVE•added 2023/05/09 6:15 p.m.•376 views

CVE-2023-24955

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS8.6AI score0.92194EPSS

CVE•added 2020/09/11 5:15 p.m.•361 views

CVE-2020-1210

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint s...

9.9CVSS9.2AI score0.00946EPSS

CVE•added 2020/06/09 8:15 p.m.•335 views

CVE-2020-1181

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

8.8CVSS8.6AI score0.5074EPSS

CVE•added 2020/04/15 3:15 p.m.•307 views

CVE-2020-0932

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, C...

8.8CVSS8.3AI score0.28468EPSS

CVE•added 2024/07/09 5:15 p.m.•287 views

CVE-2024-38094

Microsoft SharePoint Remote Code Execution Vulnerability

7.2CVSS7.5AI score0.80789EPSS

CVE•added 2019/07/15 7:15 p.m.•276 views

CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

7.5CVSS7.8AI score0.02931EPSS

CVE•added 2019/03/06 12:0 a.m.•272 views

CVE-2019-0594

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0604.

8.8CVSS9.5AI score0.94411EPSS

CVE•added 2017/05/12 2:29 p.m.•271 views

CVE-2017-0281

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web Apps 2013 SP1, Project Server 2013 SP1, SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, SharePoint Foundation 2013 SP1, Sharepoint Serve...

9.3CVSS8.1AI score0.92255EPSS

CVE•added 2022/02/09 5:15 p.m.•259 views

CVE-2022-21968

Microsoft SharePoint Server Security Feature Bypass Vulnerability

4.3CVSS6.1AI score0.01755EPSS

CVE•added 2022/05/10 9:15 p.m.•258 views

CVE-2022-29108

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.03829EPSS

CVE•added 2025/02/11 6:15 p.m.•253 views

CVE-2025-21400

Microsoft SharePoint Server Remote Code Execution Vulnerability

8CVSS8AI score0.00342EPSS

CVE•added 2020/10/16 11:15 p.m.•245 views

CVE-2020-16951

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint s...

8.6CVSS8.1AI score0.01932EPSS

CVE•added 2021/05/11 7:15 p.m.•242 views

CVE-2021-31181

Microsoft SharePoint Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.18584EPSS

CVE•added 2024/03/12 5:15 p.m.•237 views

CVE-2024-21426

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.0082EPSS

CVE•added 2025/07/08 5:15 p.m.•230 views

CVE-2025-49706

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS7.5AI score0.14385EPSS

CVE•added 2020/04/15 3:15 p.m.•223 views

CVE-2020-0931

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, C...

8.8CVSS8.3AI score0.28468EPSS

CVE•added 2025/07/20 11:15 p.m.•208 views

CVE-2025-53771

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS7.5AI score0.05808EPSS

CVE•added 2021/10/13 1:15 a.m.•206 views

CVE-2021-41344

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS7.8AI score0.06042EPSS

CVE•added 2023/01/10 10:15 p.m.•203 views

CVE-2023-21742

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.16313EPSS

CVE•added 2025/07/08 5:15 p.m.•203 views

CVE-2025-49704

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.8CVSS6.9AI score0.674EPSS

CVE•added 2022/06/15 10:15 p.m.•201 views

CVE-2022-30172

Microsoft Office Information Disclosure Vulnerability

5.5CVSS6AI score0.04622EPSS

CVE•added 2018/01/10 1:29 a.m.•198 views

CVE-2018-0797

Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way RTF content is handled, aka "Microsoft Word Memory Corruption Vulnerability".

9.3CVSS8.2AI score0.52483EPSS

CVE•added 2021/06/08 11:15 p.m.•193 views

CVE-2021-31950

Microsoft SharePoint Server Spoofing Vulnerability

8.1CVSS7.4AI score0.02015EPSS

CVE•added 2021/11/10 1:19 a.m.•192 views

CVE-2021-40442

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.03753EPSS

CVE•added 2023/05/09 6:15 p.m.•192 views

CVE-2023-24954

Microsoft SharePoint Server Information Disclosure Vulnerability

6.5CVSS6.4AI score0.02411EPSS

CVE•added 2023/11/14 6:15 p.m.•191 views

CVE-2023-38177

Microsoft SharePoint Server Remote Code Execution Vulnerability

6.8CVSS6.7AI score0.0083EPSS

CVE•added 2023/01/10 10:15 p.m.•190 views

CVE-2023-21743

Microsoft SharePoint Server Security Feature Bypass Vulnerability

5.3CVSS6.4AI score0.02227EPSS

CVE•added 2021/10/13 1:15 a.m.•188 views

CVE-2021-40486

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.0342EPSS

CVE•added 2022/01/11 9:15 p.m.•185 views

CVE-2022-21837

Microsoft SharePoint Server Remote Code Execution Vulnerability

9CVSS8.6AI score0.09593EPSS

CVE•added 2020/04/15 3:15 p.m.•184 views

CVE-2020-0974

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, C...

8.8CVSS8.3AI score0.28468EPSS

CVE•added 2020/07/14 11:15 p.m.•180 views

CVE-2020-1446

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.

8.8CVSS8.8AI score0.43263EPSS

Total number of security vulnerabilities464