80 matches found
CVE-2025-53770
CVE-2025-53770 is a critical remote code execution vulnerability in on-premises Microsoft SharePoint Server, achieved via deserialization of untrusted data and an unauthenticated POST to ToolPane.aspx. The attack chain typically bypasses authentication, retrieves MachineKey values from the web.co...
CVE-2025-49706
CVE-2025-49706 is an improper authentication vulnerability in Microsoft SharePoint that is exploited as part of the ToolShell chain to gain unauthenticated access and enable further exploitation (e.g., CVE-2025-53770 RCE). Public sources describe exploitation via ToolPane.aspx to bypass auth, lea...
CVE-2025-53771
CVE-2025-53771 is an authentication spoofing (patch-bypass) vulnerability in Microsoft SharePoint Server on-premises, enabling bypass of access checks on /layouts/15/ToolPane.aspx (DisplayMode=Edit) via crafted Referer headers. Connected docs also describe a related RCE chain when paired with CVE...
CVE-2025-21400
CVE-2025-21400 is a Microsoft SharePoint Server remote code execution vulnerability. Connected advisories confirm affected product is SharePoint Server with RCE impact and a CVSS v3.1 base score of 8.0 (High). Patches are available: KB5002681 (SharePoint Server Subscription Edition) and KB5002685...
CVE-2024-26251
CVE-2024-26251 refers to a Microsoft SharePoint Server spoofing vulnerability that allows an attacker to impersonate another user when a victim follows a rogue link. Connected sources confirm exploitation depends on social/drive-by user interaction, with root cause in improper spoofing/auth conte...
CVE-2026-45456
CVE-2026-45456 affects Microsoft Office apps (notably Outlook and Word) and is caused by a resource access type confusion that can lead to local code execution. The vulnerability allows an authenticated, local attacker to run arbitrary code without user interaction, with high impact on confidenti...
CVE-2024-30043
CVE-2024-30043 affects Microsoft SharePoint Server (on-premises) and is caused by improper restriction of XML External Entity (XXE) references, enabling information disclosure. Public details include an XXE exploit example for SharePoint Server 2019 and related advisories. Affected product/versio...
CVE-2024-30044
CVE-2024-30044 is a Microsoft SharePoint Server Remote Code Execution vulnerability reported across multiple feeds. The connected docs identify the affected product as SharePoint Server and describe a remote code execution flaw that could allow an attacker to run arbitrary code on the target syst...
CVE-2025-21348
CVE-2025-21348 is a Microsoft SharePoint Server remote code execution vulnerability. The CVSSv3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) indicates network access with low attack complexity, requiring high privileges and no user interaction. The impact is high on confidentiality, integrity, ...
CVE-2025-29793
CVE-2025-29793 affects Microsoft SharePoint (Office SharePoint) and is a remote code execution vulnerability caused by deserialization of untrusted data. An authenticated attacker could execute code over the network on affected SharePoint deployments. The CVSSv3.1 vector is CVSS:3.1/AV:N/AC:L/PR:...
CVE-2025-29794
CVE-2025-29794 is a Microsoft SharePoint Remote Code Execution vulnerability described as due to improper authorization in SharePoint, allowing an authenticated attacker to execute code over the network. The incident is documented across multiple sources confirming impact on SharePoint products a...
CVE-2025-21344
CVE-2025-21344 is a Microsoft SharePoint Server remote code execution vulnerability affecting on-premises SharePoint Server products. Connected sources confirm the issue as a remote code execution flaw impacting SharePoint Server installations (2016, Subscription Edition, 2019) and indicate Micro...
CVE-2024-30100
CVE-2024-30100 is a Microsoft SharePoint Server remote code execution vulnerability. The Connected documents confirm a SharePoint Server remote code execution issue with official patches released (KB5002602 for SharePoint Server 2019, KB5002603 for SharePoint Server Subscription Edition, KB500260...
CVE-2025-21393
CVE-2025-21393 affects Microsoft SharePoint Server (on‑prem). The vulnerability is described as a spoofing flaw that could allow impersonation of another user, with CVSS‑3.1 base metrics: Network access, low attack complexity, privileges required Low, user interaction required, confidentiality im...
CVE-2026-45659
CVE-2026-45659 is a deserialization vulnerability in Microsoft SharePoint Server that enables an authorized attacker to execute code over a network. The root cause is unsafe deserialization via LosFormatter.Deserialize during processing of list items in Microsoft.SharePoint.Library, triggered by ...
CVE-2025-27746
CVE-2025-27746 is a Microsoft Office remote-code-execution vulnerability caused by a use-after-free in Office components, enabling a local attacker to run code on the affected host. The CVE is discussed in multiple sources (Microsoft MSRC entry), and is addressed by April 2025 Office security upd...
CVE-2026-47294
CVE-2026-47294 describes a SharePoint Server remote code execution via deserialization of untrusted data in Microsoft Office SharePoint. The vulnerability allows an authenticated, network-connected attacker to potentially run code on the affected server. The linked Microsoft advisories indicate t...
CVE-2025-47163
CVE-2025-47163 is a Microsoft SharePoint/SharePoint Server remote code execution vulnerability described as a deserialization of untrusted data that could allow an authorized attacker to execute code over a network. The CVE is documented across multiple sources (Microsoft MSRC advisories and CVE ...
CVE-2026-20963
CVE-2026-20963 is a Microsoft SharePoint vulnerability described as deserialization of untrusted data (CWE-502) that enables a network-based code execution attack. The current description states an unauthenticated attacker can execute code over the network. Vendor discussions note a CVSSv3.1 vect...
CVE-2025-30384
CVE-2025-30384 describes a vulnerability in Microsoft Office SharePoint Server where deserialization of untrusted data can allow an unauthorized attacker to execute code locally. The affected products appear to be SharePoint Server variants (Enterprise/Standard) and SharePoint Server 2019/Subscri...
CVE-2025-30382
CVE-2025-30382 is a Microsoft SharePoint Server remote code execution vulnerability caused by deserialization of untrusted data in Office SharePoint. The CVE affects SharePoint Server environments and is exploitable locally with user interaction required (per CVSS vector: Local, Privileges=None, ...
CVE-2026-32201
CVE-2026-32201 is an improper input validation vulnerability in Microsoft SharePoint Server that allows an unauthenticated attacker to perform spoofing over a network. The advisory set describes an impact on confidentiality and integrity (viewing sensitive information and modifying disclosed data...
CVE-2025-30378
CVE-2025-30378 is a Microsoft SharePoint vulnerability described as a deserialization of untrusted data in Office SharePoint that allows a local attacker to execute code. The NVD entry lists a CVSSv3.1 base score of 7.0 (HIGH) with LOCAL attack vector, HIGH impact to confidentiality, integrity, a...
CVE-2026-45458
Microsoft Office (including Outlook and Word) is affected by CVE-2026-45458 due to a type-confusion in resource access, enabling local code execution. The vulnerability arises when an incompatible type is accessed, with a local attack vector, no user interaction, and no privileges required. The C...
CVE-2025-29976
CVE-2025-29976 affects Microsoft SharePoint (Office SharePoint Server/SharePoint Server) with an elevation-of-privilege vulnerability due to improper privilege management. An attacker with local access and low privileges could elevate privileges on the affected system, as indicated by the CVE act...
CVE-2026-40365
CVE-2026-40365 : Microsoft SharePoint Server remote code execution due to insufficient granularity of access control. An authorized attacker can execute code over a network (CVSS v3.1: 8.8, HIGH; AV:N/AC:L/PR:L/UI:N/S:U). Public docs confirm the issue and that Microsoft released security updates ...
CVE-2025-47166
CVE-2025-47166 is a remote code execution vulnerability in Microsoft SharePoint Server/Office SharePoint caused by deserialization of untrusted data. An authenticated attacker could trigger code execution over the network on the affected server. The entry is tracked with a high CVSS v3.1 base sco...
CVE-2026-33112
Technical details for CVE-2026-33112 are not publicly available in the provided documents. Monitor for updates from vendors and security advisories.
CVE-2026-33110
CVE-2026-33110 describes a deserialization vulnerability in Microsoft SharePoint that could allow an authorized network attacker to execute code. Affected products include Microsoft SharePoint Server variants; the risk is tied to deserializing untrusted data. Remediations are provided by Microsof...
CVE-2026-40367
CVE-2026-40367 describes an Untrusted pointer dereference in Microsoft Word that enables local code execution. Based on the provided documents, the affected product is Microsoft Word (Office). The vulnerability allows an attacker to execute code locally without user interaction, as indicated by t...
CVE-2026-21260
CVE-2026-21260 affects Microsoft Office Outlook, where exposure of sensitive information to an unauthorized actor enables network-based spoofing. The entry cites a CVSSv3.1 base score of 7.5 (HIGH) with an attack vector of NETWORK and no privileges required, but has no exploitation details in the...
CVE-2008-5026
CVE-2008-5026 involves Microsoft SharePoint, where the Documents module allows uploading files using the same hostname/port as the site’s primary files. This enables remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) by uploading HTML documents...
CVE-2026-35439
CVE-2026-35439 is a remote code execution vulnerability in Microsoft SharePoint Server caused by deserialization of untrusted data. An authorized attacker can exploit this over a network to execute code on affected systems. The CVE is associated with SharePoint Server (on‑premises) and the approv...
CVE-2025-54897
CVE-2025-54897 is a Microsoft SharePoint remote code execution vulnerability caused by deserialization of untrusted data, enabling an authorized attacker to execute code over the network. The CVSSv3.1 base score is 8.8 ( HIGH ), with network access, low attack complexity, and low privileges requi...
CVE-2026-44819
CVE-2026-44819 affects Microsoft Office and is described as a heap-based buffer overflow that allows a local attacker to execute code. The vulnerability is characterized by a LOCAL attack vector, LOW attack complexity, and requires user interaction, with a high impact on confidentiality, integrit...
CVE-2025-53760
CVE-2025-53760 is a Microsoft SharePoint elevation-of-privilege vulnerability described as an SSRF issue that can allow an authorized attacker to gain elevated privileges over a network. The CVSS v3.1 score is 7.1 (HIGH) with Network attack vector, low attack complexity, and privileges required: ...
CVE-2025-49701
CVE-2025-49701 is a Microsoft SharePoint remote code execution vulnerability caused by improper authorization, enabling an authenticated attacker to execute code over the network. Public advisories confirm impact as remote code execution in SharePoint environments, with patched updates released i...
CVE-2026-20947
CVE-2026-20947 is a Microsoft SharePoint/Office SharePoint Remote Code Execution vulnerability caused by improper neutralization of SQL elements in SharePoint. An attacker can trigger code execution over the network with low privileges and no user interaction on affected SharePoint Server deploym...
CVE-2026-40357
Technical details for CVE-2026-40357 are not publicly available in the provided documents. Monitor for updates from Microsoft and CVE records.
CVE-2026-20943
CVE-2026-20943 is a Microsoft Office Click-To-Run remote code execution issue caused by an untrusted search path that could allow local code execution. Connected sources confirm affected Office variants and that Microsoft released security updates in January 2026 (e.g., KB5002828/KB5002822 for di...
CVE-2026-26105
CVE-2026-26105 : A cross-site scripting vulnerability in Microsoft SharePoint (Office SharePoint) arises from improper input neutralization during web page generation, enabling an attacker to spoof over a network. Connected sources corroborate spoofing/impersonation risk for SharePoint Server. Im...
CVE-2025-59228
CVE-2025-59228 corresponds to a Microsoft SharePoint remote code execution vulnerability caused by improper input validation. Affected component is SharePoint within Office ecosystem; exploitation allows an authorized attacker to execute arbitrary code over a network with low privileges and no us...
CVE-2025-59237
CVE-2025-59237 is a SharePoint remote code execution vulnerability described as deserialization of untrusted data allowing an authenticated attacker to run code over the network. The advisory includes a CVSS v3.1 base score of 8.8 (HIGH) with network access, low attack complexity, and privileges ...
CVE-2026-21511
CVE-2026-21511 describes deserialization of untrusted data in Microsoft Office Outlook, enabling an unauthorized attacker to spoof over a network. Affected product: Microsoft Office Outlook. Root cause: unsafe deserialization of data. Impact: spoofing with network access; CVSS v3.1 base score 7.5...
CVE-2026-20958
CVE-2026-20958 is a Microsoft SharePoint SSRF information-disclosure vulnerability. Affected product: Microsoft Office SharePoint (on-premises SharePoint Server/Subscription Edition). Description in sources: SSRF in SharePoint could permit an authorized attacker to disclose information over a net...
CVE-2026-45485
CVE-2026-45485: In Microsoft Office, an out-of-bounds read leads to local information disclosure. Documents confirm the vulnerability and its impact (local disclosure) with low severity (CVSS 3.1:3.3). Exploitation details and affected component/version specifics are not provided in the supplied ...
CVE-2026-33113
CVE-2026-33113 describes an issue in Microsoft Office SharePoint where improper neutralization of input during web page generation enables an authorized attacker to perform spoofing over a network. Affected component: SharePoint Server. Root cause: cross-site scripting due to inadequate input han...
CVE-2026-20951
CVE-2026-20951 is a Microsoft SharePoint Server Remote Code Execution vulnerability caused by improper input validation in SharePoint. The issue allows an unauthenticated or authenticated attacker to execute code locally on affected SharePoint Server deployments. Documented affected products incl...
CVE-2026-45454
The CVE-2026-45454 entry documents a path traversal flaw in Microsoft SharePoint that enables remote code execution when an authorized user accesses a restricted path over a network. The issue affects Microsoft Office SharePoint and is described consistently across multiple sources (NVD, RH, EU E...
CVE-2026-47298
CVE-2026-47298 constrains Microsoft Office SharePoint, where improper authorization allows an attacker with network access to execute code on vulnerable systems. The vulnerability is described as a remote code execution issue with a high impact on confidentiality, integrity, and availability (CVE...