Lucene search
K
MicrosoftSharepoint Server*

80 matches found

CVE
CVE
added 2025/07/20 1:6 a.m.1081 views

CVE-2025-53770

CVE-2025-53770 is a critical remote code execution vulnerability in on-premises Microsoft SharePoint Server, achieved via deserialization of untrusted data and an unauthenticated POST to ToolPane.aspx. The attack chain typically bypasses authentication, retrieves MachineKey values from the web.co...

9.8CVSS6.8AI score0.99982EPSS
In wildWeb
CVE
CVE
added 2025/07/08 4:58 p.m.319 views

CVE-2025-49706

CVE-2025-49706 is an improper authentication vulnerability in Microsoft SharePoint that is exploited as part of the ToolShell chain to gain unauthenticated access and enable further exploitation (e.g., CVE-2025-53770 RCE). Public sources describe exploitation via ToolPane.aspx to bypass auth, lea...

6.5CVSS7.5AI score0.99879EPSS
In wildWeb
CVE
CVE
added 2025/07/20 10:16 p.m.313 views

CVE-2025-53771

CVE-2025-53771 is an authentication spoofing (patch-bypass) vulnerability in Microsoft SharePoint Server on-premises, enabling bypass of access checks on /layouts/15/ToolPane.aspx (DisplayMode=Edit) via crafted Referer headers. Connected docs also describe a related RCE chain when paired with CVE...

6.5CVSS7.5AI score0.99911EPSS
In wild
CVE
CVE
added 2025/02/11 5:58 p.m.277 views

CVE-2025-21400

CVE-2025-21400 is a Microsoft SharePoint Server remote code execution vulnerability. Connected advisories confirm affected product is SharePoint Server with RCE impact and a CVSS v3.1 base score of 8.0 (High). Patches are available: KB5002681 (SharePoint Server Subscription Edition) and KB5002685...

8CVSS8AI score0.29778EPSS
CVE
CVE
added 2024/04/09 5:1 p.m.166 views

CVE-2024-26251

CVE-2024-26251 refers to a Microsoft SharePoint Server spoofing vulnerability that allows an attacker to impersonate another user when a victim follows a rogue link. Connected sources confirm exploitation depends on social/drive-by user interaction, with root cause in improper spoofing/auth conte...

6.8CVSS8.8AI score0.01395EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.148 views

CVE-2026-45456

CVE-2026-45456 affects Microsoft Office apps (notably Outlook and Word) and is caused by a resource access type confusion that can lead to local code execution. The vulnerability allows an authenticated, local attacker to run arbitrary code without user interaction, with high impact on confidenti...

8.4CVSS5.7AI score0.00438EPSS
CVE
CVE
added 2024/05/14 4:57 p.m.145 views

CVE-2024-30043

CVE-2024-30043 affects Microsoft SharePoint Server (on-premises) and is caused by improper restriction of XML External Entity (XXE) references, enabling information disclosure. Public details include an XXE exploit example for SharePoint Server 2019 and related advisories. Affected product/versio...

7.5CVSS6AI score0.54659EPSS
CVE
CVE
added 2024/05/14 4:57 p.m.143 views

CVE-2024-30044

CVE-2024-30044 is a Microsoft SharePoint Server Remote Code Execution vulnerability reported across multiple feeds. The connected docs identify the affected product as SharePoint Server and describe a remote code execution flaw that could allow an attacker to run arbitrary code on the target syst...

7.2CVSS7AI score0.8399EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.129 views

CVE-2025-21348

CVE-2025-21348 is a Microsoft SharePoint Server remote code execution vulnerability. The CVSSv3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) indicates network access with low attack complexity, requiring high privileges and no user interaction. The impact is high on confidentiality, integrity, ...

7.2CVSS7.2AI score0.01742EPSS
CVE
CVE
added 2025/04/08 5:23 p.m.129 views

CVE-2025-29793

CVE-2025-29793 affects Microsoft SharePoint (Office SharePoint) and is a remote code execution vulnerability caused by deserialization of untrusted data. An authenticated attacker could execute code over the network on affected SharePoint deployments. The CVSSv3.1 vector is CVSS:3.1/AV:N/AC:L/PR:...

7.2CVSS7.4AI score0.16014EPSS
CVE
CVE
added 2025/04/08 5:23 p.m.129 views

CVE-2025-29794

CVE-2025-29794 is a Microsoft SharePoint Remote Code Execution vulnerability described as due to improper authorization in SharePoint, allowing an authenticated attacker to execute code over the network. The incident is documented across multiple sources confirming impact on SharePoint products a...

8.8CVSS7.4AI score0.04647EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.127 views

CVE-2025-21344

CVE-2025-21344 is a Microsoft SharePoint Server remote code execution vulnerability affecting on-premises SharePoint Server products. Connected sources confirm the issue as a remote code execution flaw impacting SharePoint Server installations (2016, Subscription Edition, 2019) and indicate Micro...

7.8CVSS7.8AI score0.00826EPSS
CVE
CVE
added 2024/06/11 5:0 p.m.126 views

CVE-2024-30100

CVE-2024-30100 is a Microsoft SharePoint Server remote code execution vulnerability. The Connected documents confirm a SharePoint Server remote code execution issue with official patches released (KB5002602 for SharePoint Server 2019, KB5002603 for SharePoint Server Subscription Edition, KB500260...

7.8CVSS7.8AI score0.01182EPSS
CVE
CVE
added 2025/01/14 6:4 p.m.97 views

CVE-2025-21393

CVE-2025-21393 affects Microsoft SharePoint Server (on‑prem). The vulnerability is described as a spoofing flaw that could allow impersonation of another user, with CVSS‑3.1 base metrics: Network access, low attack complexity, privileges required Low, user interaction required, confidentiality im...

6.3CVSS6.2AI score0.01041EPSS
CVE
CVE
added 2026/05/22 10:4 p.m.95 views

CVE-2026-45659

CVE-2026-45659 is a deserialization vulnerability in Microsoft SharePoint Server that enables an authorized attacker to execute code over a network. The root cause is unsafe deserialization via LosFormatter.Deserialize during processing of list items in Microsoft.SharePoint.Library, triggered by ...

8.8CVSS6AI score0.03219EPSS
In wild
CVE
CVE
added 2025/04/08 5:23 p.m.91 views

CVE-2025-27746

CVE-2025-27746 is a Microsoft Office remote-code-execution vulnerability caused by a use-after-free in Office components, enabling a local attacker to run code on the affected host. The CVE is discussed in multiple sources (Microsoft MSRC entry), and is addressed by April 2025 Office security upd...

7.8CVSS7.8AI score0.00779EPSS
CVE
CVE
added 2026/06/01 6:26 p.m.91 views

CVE-2026-47294

CVE-2026-47294 describes a SharePoint Server remote code execution via deserialization of untrusted data in Microsoft Office SharePoint. The vulnerability allows an authenticated, network-connected attacker to potentially run code on the affected server. The linked Microsoft advisories indicate t...

8CVSS5.5AI score0.00638EPSS
CVE
CVE
added 2025/06/10 5:2 p.m.89 views

CVE-2025-47163

CVE-2025-47163 is a Microsoft SharePoint/SharePoint Server remote code execution vulnerability described as a deserialization of untrusted data that could allow an authorized attacker to execute code over a network. The CVE is documented across multiple sources (Microsoft MSRC advisories and CVE ...

8.8CVSS8.7AI score0.11509EPSS
CVE
CVE
added 2026/01/13 5:56 p.m.86 views

CVE-2026-20963

CVE-2026-20963 is a Microsoft SharePoint vulnerability described as deserialization of untrusted data (CWE-502) that enables a network-based code execution attack. The current description states an unauthenticated attacker can execute code over the network. Vendor discussions note a CVSSv3.1 vect...

9.8CVSS6.2AI score0.31109EPSS
In wild
CVE
CVE
added 2025/05/13 4:58 p.m.85 views

CVE-2025-30384

CVE-2025-30384 describes a vulnerability in Microsoft Office SharePoint Server where deserialization of untrusted data can allow an unauthorized attacker to execute code locally. The affected products appear to be SharePoint Server variants (Enterprise/Standard) and SharePoint Server 2019/Subscri...

7.4CVSS7.4AI score0.0113EPSS
CVE
CVE
added 2025/05/13 4:58 p.m.83 views

CVE-2025-30382

CVE-2025-30382 is a Microsoft SharePoint Server remote code execution vulnerability caused by deserialization of untrusted data in Office SharePoint. The CVE affects SharePoint Server environments and is exploitable locally with user interaction required (per CVSS vector: Local, Privileges=None, ...

7.8CVSS7.7AI score0.02123EPSS
CVE
CVE
added 2026/04/14 4:58 p.m.82 views

CVE-2026-32201

CVE-2026-32201 is an improper input validation vulnerability in Microsoft SharePoint Server that allows an unauthenticated attacker to perform spoofing over a network. The advisory set describes an impact on confidentiality and integrity (viewing sensitive information and modifying disclosed data...

6.5CVSS5.8AI score0.24172EPSS
In wild
CVE
CVE
added 2025/05/13 4:58 p.m.80 views

CVE-2025-30378

CVE-2025-30378 is a Microsoft SharePoint vulnerability described as a deserialization of untrusted data in Office SharePoint that allows a local attacker to execute code. The NVD entry lists a CVSSv3.1 base score of 7.0 (HIGH) with LOCAL attack vector, HIGH impact to confidentiality, integrity, a...

7CVSS7.4AI score0.01153EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.80 views

CVE-2026-45458

Microsoft Office (including Outlook and Word) is affected by CVE-2026-45458 due to a type-confusion in resource access, enabling local code execution. The vulnerability arises when an incompatible type is accessed, with a local attack vector, no user interaction, and no privileges required. The C...

8.4CVSS7.2AI score0.00438EPSS
CVE
CVE
added 2025/05/13 4:58 p.m.78 views

CVE-2025-29976

CVE-2025-29976 affects Microsoft SharePoint (Office SharePoint Server/SharePoint Server) with an elevation-of-privilege vulnerability due to improper privilege management. An attacker with local access and low privileges could elevate privileges on the affected system, as indicated by the CVE act...

7.8CVSS7.6AI score0.00547EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.76 views

CVE-2026-40365

CVE-2026-40365 : Microsoft SharePoint Server remote code execution due to insufficient granularity of access control. An authorized attacker can execute code over a network (CVSS v3.1: 8.8, HIGH; AV:N/AC:L/PR:L/UI:N/S:U). Public docs confirm the issue and that Microsoft released security updates ...

8.8CVSS6AI score0.00961EPSS
CVE
CVE
added 2025/06/10 5:2 p.m.74 views

CVE-2025-47166

CVE-2025-47166 is a remote code execution vulnerability in Microsoft SharePoint Server/Office SharePoint caused by deserialization of untrusted data. An authenticated attacker could trigger code execution over the network on the affected server. The entry is tracked with a high CVSS v3.1 base sco...

8.8CVSS8.7AI score0.12606EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.72 views

CVE-2026-33112

Technical details for CVE-2026-33112 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.

8.8CVSS6AI score0.02108EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.71 views

CVE-2026-33110

CVE-2026-33110 describes a deserialization vulnerability in Microsoft SharePoint that could allow an authorized network attacker to execute code. Affected products include Microsoft SharePoint Server variants; the risk is tied to deserializing untrusted data. Remediations are provided by Microsof...

8.8CVSS6AI score0.01967EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.69 views

CVE-2026-40367

CVE-2026-40367 describes an Untrusted pointer dereference in Microsoft Word that enables local code execution. Based on the provided documents, the affected product is Microsoft Word (Office). The vulnerability allows an attacker to execute code locally without user interaction, as indicated by t...

8.4CVSS6AI score0.00453EPSS
CVE
CVE
added 2026/02/10 5:51 p.m.68 views

CVE-2026-21260

CVE-2026-21260 affects Microsoft Office Outlook, where exposure of sensitive information to an unauthorized actor enables network-based spoofing. The entry cites a CVSSv3.1 base score of 7.5 (HIGH) with an attack vector of NETWORK and no privileges required, but has no exploitation details in the...

7.5CVSS5.5AI score0.01425EPSS
CVE
CVE
added 2008/11/10 3:0 p.m.67 views

CVE-2008-5026

CVE-2008-5026 involves Microsoft SharePoint, where the Documents module allows uploading files using the same hostname/port as the site’s primary files. This enables remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) by uploading HTML documents...

3.5CVSS5.2AI score0.09385EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.64 views

CVE-2026-35439

CVE-2026-35439 is a remote code execution vulnerability in Microsoft SharePoint Server caused by deserialization of untrusted data. An authorized attacker can exploit this over a network to execute code on affected systems. The CVE is associated with SharePoint Server (on‑premises) and the approv...

8.8CVSS6AI score0.02032EPSS
CVE
CVE
added 2025/09/09 5:0 p.m.59 views

CVE-2025-54897

CVE-2025-54897 is a Microsoft SharePoint remote code execution vulnerability caused by deserialization of untrusted data, enabling an authorized attacker to execute code over the network. The CVSSv3.1 base score is 8.8 ( HIGH ), with network access, low attack complexity, and low privileges requi...

8.8CVSS6.8AI score0.18084EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.59 views

CVE-2026-44819

CVE-2026-44819 affects Microsoft Office and is described as a heap-based buffer overflow that allows a local attacker to execute code. The vulnerability is characterized by a LOCAL attack vector, LOW attack complexity, and requires user interaction, with a high impact on confidentiality, integrit...

7.8CVSS6AI score0.00455EPSS
CVE
CVE
added 2025/08/12 5:9 p.m.58 views

CVE-2025-53760

CVE-2025-53760 is a Microsoft SharePoint elevation-of-privilege vulnerability described as an SSRF issue that can allow an authorized attacker to gain elevated privileges over a network. The CVSS v3.1 score is 7.1 (HIGH) with Network attack vector, low attack complexity, and privileges required: ...

7.1CVSS7.1AI score0.11126EPSS
CVE
CVE
added 2025/07/08 4:58 p.m.53 views

CVE-2025-49701

CVE-2025-49701 is a Microsoft SharePoint remote code execution vulnerability caused by improper authorization, enabling an authenticated attacker to execute code over the network. Public advisories confirm impact as remote code execution in SharePoint environments, with patched updates released i...

8.8CVSS6.8AI score0.00834EPSS
CVE
CVE
added 2026/01/13 5:56 p.m.53 views

CVE-2026-20947

CVE-2026-20947 is a Microsoft SharePoint/Office SharePoint Remote Code Execution vulnerability caused by improper neutralization of SQL elements in SharePoint. An attacker can trigger code execution over the network with low privileges and no user interaction on affected SharePoint Server deploym...

8.8CVSS7.1AI score0.17948EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.52 views

CVE-2026-40357

Technical details for CVE-2026-40357 are not publicly available in the provided documents. Monitor for updates from Microsoft and CVE records.

8.8CVSS6AI score0.01698EPSS
CVE
CVE
added 2026/01/13 5:56 p.m.51 views

CVE-2026-20943

CVE-2026-20943 is a Microsoft Office Click-To-Run remote code execution issue caused by an untrusted search path that could allow local code execution. Connected sources confirm affected Office variants and that Microsoft released security updates in January 2026 (e.g., KB5002828/KB5002822 for di...

7CVSS6.9AI score0.00628EPSS
CVE
CVE
added 2026/03/10 5:5 p.m.45 views

CVE-2026-26105

CVE-2026-26105 : A cross-site scripting vulnerability in Microsoft SharePoint (Office SharePoint) arises from improper input neutralization during web page generation, enabling an attacker to spoof over a network. Connected sources corroborate spoofing/impersonation risk for SharePoint Server. Im...

9.3CVSS5.8AI score0.01262EPSS
CVE
CVE
added 2025/10/14 5:0 p.m.44 views

CVE-2025-59228

CVE-2025-59228 corresponds to a Microsoft SharePoint remote code execution vulnerability caused by improper input validation. Affected component is SharePoint within Office ecosystem; exploitation allows an authorized attacker to execute arbitrary code over a network with low privileges and no us...

8.8CVSS6.9AI score0.01243EPSS
CVE
CVE
added 2025/10/14 5:0 p.m.44 views

CVE-2025-59237

CVE-2025-59237 is a SharePoint remote code execution vulnerability described as deserialization of untrusted data allowing an authenticated attacker to run code over the network. The advisory includes a CVSS v3.1 base score of 8.8 (HIGH) with network access, low attack complexity, and privileges ...

8.8CVSS6.9AI score0.02245EPSS
CVE
CVE
added 2026/02/10 5:51 p.m.44 views

CVE-2026-21511

CVE-2026-21511 describes deserialization of untrusted data in Microsoft Office Outlook, enabling an unauthorized attacker to spoof over a network. Affected product: Microsoft Office Outlook. Root cause: unsafe deserialization of data. Impact: spoofing with network access; CVSS v3.1 base score 7.5...

7.5CVSS5.5AI score0.03635EPSS
CVE
CVE
added 2026/01/13 5:57 p.m.42 views

CVE-2026-20958

CVE-2026-20958 is a Microsoft SharePoint SSRF information-disclosure vulnerability. Affected product: Microsoft Office SharePoint (on-premises SharePoint Server/Subscription Edition). Description in sources: SSRF in SharePoint could permit an authorized attacker to disclose information over a net...

5.4CVSS6.1AI score0.00293EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.42 views

CVE-2026-45485

CVE-2026-45485: In Microsoft Office, an out-of-bounds read leads to local information disclosure. Documents confirm the vulnerability and its impact (local disclosure) with low severity (CVSS 3.1:3.3). Exploitation details and affected component/version specifics are not provided in the supplied ...

3.3CVSS5.4AI score0.00437EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.39 views

CVE-2026-33113

CVE-2026-33113 describes an issue in Microsoft Office SharePoint where improper neutralization of input during web page generation enables an authorized attacker to perform spoofing over a network. Affected component: SharePoint Server. Root cause: cross-site scripting due to inadequate input han...

6.1CVSS6.7AI score0.00522EPSS
CVE
CVE
added 2026/01/13 5:56 p.m.38 views

CVE-2026-20951

CVE-2026-20951 is a Microsoft SharePoint Server Remote Code Execution vulnerability caused by improper input validation in SharePoint. The issue allows an unauthenticated or authenticated attacker to execute code locally on affected SharePoint Server deployments. Documented affected products incl...

7.8CVSS6.9AI score0.00771EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.38 views

CVE-2026-45454

The CVE-2026-45454 entry documents a path traversal flaw in Microsoft SharePoint that enables remote code execution when an authorized user accesses a restricted path over a network. The issue affects Microsoft Office SharePoint and is described consistently across multiple sources (NVD, RH, EU E...

8.8CVSS5.7AI score0.0163EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.36 views

CVE-2026-47298

CVE-2026-47298 constrains Microsoft Office SharePoint, where improper authorization allows an attacker with network access to execute code on vulnerable systems. The vulnerability is described as a remote code execution issue with a high impact on confidentiality, integrity, and availability (CVE...

8CVSS5.7AI score0.00669EPSS
Total number of security vulnerabilities80