118 matches found
CVE-2026-48562
Summary: CVE-2026-48562 affects Microsoft Office SharePoint Server. It describes improper neutralization of input during web page generation, causing cross-site scripting that could enable an authorized attacker to perform spoofing over a network. The associated metrics assign a CVSS v3.1 base sc...
CVE-2026-47634
Microsoft Office SharePoint is affected by CVE-2026-47634, a cross-site scripting (XSS) vulnerability due to improper neutralization of input during web page generation. The vulnerability allows an authorized attacker to spoof users over a network. According to the sources, the issue impacts Shar...
CVE-2025-62204
CVE-2025-62204 describes a remote code execution vulnerability in Microsoft Office SharePoint caused by deserialization of untrusted data. Connected sources confirm impact across SharePoint Server on premises: SharePoint Server 2016 (KB for November 2025), SharePoint Server 2019, and SharePoint S...
CVE-2026-45485
CVE-2026-45485: In Microsoft Office, an out-of-bounds read leads to local information disclosure. Documents confirm the vulnerability and its impact (local disclosure) with low severity (CVSS 3.1:3.3). Exploitation details and affected component/version specifics are not provided in the supplied ...
CVE-2026-40368
CVE-2026-40368 is a remote code execution vulnerability in Microsoft SharePoint Server caused by deserialization of untrusted data. The issue affects SharePoint Server on-premises (various versions) and can be triggered by processing crafted data over the network by an authenticated user, with CV...
CVE-2026-26113
CVE-2026-26113 is a Microsoft Office remote code-execution vulnerability caused by an untrusted pointer dereference. The issue is addressed in the March 2026 Patch Tuesday updates for Office; affected products are patched by Microsoft through the updates referenced by the vulnerability entry. The...
CVE-2026-47298
CVE-2026-47298 constrains Microsoft Office SharePoint, where improper authorization allows an attacker with network access to execute code on vulnerable systems. The vulnerability is described as a remote code execution issue with a high impact on confidentiality, integrity, and availability (CVE...
CVE-2026-20951
CVE-2026-20951 is a Microsoft SharePoint Server Remote Code Execution vulnerability caused by improper input validation in SharePoint. The issue allows an unauthenticated or authenticated attacker to execute code locally on affected SharePoint Server deployments. Documented affected products incl...
CVE-2026-45484
This CVE involves deserialization of untrusted data in Microsoft Office SharePoint, enabling an authorized attacker to elevate privileges over a network. Affected component: SharePoint (deserialization vulnerability cited in multiple sources). Root cause: improper handling of deserialized input l...
CVE-2026-45468
CVE-2026-45468 involves an improper neutralization of input during web page generation (XSS) in Microsoft Office SharePoint / SharePoint Server . An authorized attacker can perform spoofing over a network by targeting affected SharePoint web pages. The CVSS 3.1 base score is 4.6 (Medium); attack ...
CVE-2025-64672
CVE-2025-64672 is a cross-site scripting issue in Microsoft Office SharePoint (and related SharePoint Server components) caused by improper neutralization of input during web page generation. An authorized attacker can spoof the user interface over a network, potentially compromising user experie...
CVE-2026-45453
CVE-2026-45453 affects Microsoft Office SharePoint Server and stems from improper neutralization of input during web page generation, enabling an authorized attacker to perform spoofing over a network via a cross-site scripting (XSS) flaw. The vulnerability involves the web-page generation compon...
CVE-2026-47639
CVE-2026-47639 affects Microsoft Office SharePoint Server. The description identifies an Improper neutralization of input during web page generation (XSS) that enables an authorized attacker to perform spoofing over a network. Connected sources corroborate an XSS payload risk in SharePoint, leadi...
CVE-2026-44824
CVE-2026-44824 affects Microsoft Office and is a heap-based buffer overflow that enables local code execution. The issue requires user interaction and has a CVSS v3.1 base score of 7.8 (HIGH) with LOCAL attack vector, no privileges required, and high impact on confidentiality, integrity, and avai...
CVE-2026-45467
CVE-2026-45467 describes an XSS vulnerability in Microsoft Office SharePoint Server caused by improper neutralization of input during web page generation. The issue can allow a network-based, authenticated attacker with low privileges to spoof content presented to users, requiring user interactio...
CVE-2026-26106
CVE-2026-26106 is a Microsoft SharePoint Server remote code execution vulnerability caused by improper input validation. The CVE affects SharePoint Server variants (Office/SharePoint components) and enables an authenticated (network) attacker with low privileges to execute arbitrary code, potenti...
CVE-2026-47641
CVE-2026-47641 concerns Microsoft Office SharePoint where improper neutralization of input during web page generation enables cross-site scripting. The underlying flaw is input not being properly sanitized, potentially allowing an authorized attacker to spoof content over a network. According to ...
CVE-2026-44821
The CVE-2026-44821 entry concerns an out-of-bounds read in Microsoft Office that could allow a local attacker to disclose information. Affected software is Microsoft Office; the vulnerability is a read boundary issue in a component/file used by Office, enabling local information disclosure. The p...
CVE-2026-45471
CVE-2026-45471 affects Microsoft Word and stems from an untrusted pointer dereference in Word’s runtime that can lead to local code execution. The CVSSv3.1 vector (L/Low complexity, no privileges required, user interaction required, local scope) yields a base score of 7.8 (HIGH). Documented impac...
CVE-2026-45475
This CVE (CVE-2026-45475) concerns a heap-based buffer overflow in Microsoft Office. The description indicates an unauthorized attacker could achieve local code execution, with user interaction required and high impact on confidentiality, integrity, and availability. The provided documents do not...
CVE-2026-47637
CVE-2026-47637 describes an XSS issue in Microsoft Office SharePoint Server. The vulnerability arises from improper neutralization of input during web page generation, enabling an authorized attacker to perform spoofing over a network. {}Affected product/component: Microsoft Office SharePoint Ser...
CVE-2026-45483
CVE-2026-45483 affects Microsoft Office Project Server and involves improper neutralization of input during web page generation, enabling cross-site scripting. The vulnerability is described as allowing an authorized attacker to perform spoofing over a network. The CVSS 3.1 vector (AV:N/AC:L/PR:L...
CVE-2026-20959
CVE-2026-20959 is a cross-site scripting vulnerability in Microsoft Office SharePoint (Server/Subscription Edition) caused by improper neutralization of input during web page generation. An authorized attacker could spoof a user over the network. Affected products include SharePoint Server (2016/...
CVE-2026-45481
CVE-2026-45481 is a cross-site scripting vulnerability in Microsoft Office SharePoint arising from improper input neutralization during web page generation. The issue can allow an authorized attacker to perform spoofing over a network. According to the available records, the affected component is...
CVE-2026-47638
Microsoft SharePoint (Office SharePoint) is affected by CVE-2026-47638 due to improper neutralization of input during web page generation, enabling an authorized attacker to spoof users over the network (XSS). The NVD entries describe this as a cross-site scripting vulnerability with network acce...
CVE-2026-48560
CVE-2026-48560 is documented as a cross-site scripting vulnerability in Microsoft Office SharePoint/SharePoint Server. The underlying issue is improper neutralization of input during web page generation, enabling an authorized attacker to spoof over a network. Affected product portions are ShareP...
CVE-2026-45464
CVE-2026-45464 relates to a vulnerability in Microsoft Office SharePoint where improper neutralization of input during web page generation enables cross-site scripting. According to NVD/Microsoft, the issue could allow an authorized attacker to spoof content over a network, with a CVSS 3.1 base s...
CVE-2026-45465
CVE-2026-45465 : The vulnerability affects Microsoft Office SharePoint Server and is due to improper neutralization of input during web page generation, resulting in a cross-site scripting (XSS) issue. An authorized attacker can perform network-based spoofing. According to the provided descriptio...
CVE-2026-20945
CVE-2026-20945 (SharePoint) is an XSS-style vulnerability in Microsoft Office SharePoint where improper input neutralization during web page generation could allow an authorized attacker to spoof another user. Connected documents confirm the issue impacts SharePoint components and is being addres...
CVE-2026-45462
The CVE-2026-45462 entry describes an XSS vulnerability in Microsoft Office SharePoint where improper neutralization of input during web page generation can enable spoofing over a network. According to the connected records, impact is limited to spoofing with Confidentiality/Integrity/Availabilit...
CVE-2026-45479
The CVE-2026-45479 entries describe an XSS vulnerability in Microsoft Office SharePoint where improper neutralization of input during web page generation can enable an authorized attacker to perform spoofing over the network. Affected product is SharePoint/SharePoint Server; the root cause is lac...
CVE-2026-47636
CVE-2026-47636: Improper neutralization of input during web page generation (XSS) in Microsoft Office SharePoint. Descriptions indicate an authorised attacker could perform spoofing over the network by exploiting input handling during page rendering. Affected product: Microsoft SharePoint Server;...
CVE-2026-47640
CVE-2026-47640 – Details : Affects Microsoft Office SharePoint (SharePoint Server). The vulnerability is an improper neutralization of input during web page generation (XSS), enabling an authorized attacker to perform spoofing over a network. The connected documents do not specify affected versio...
CVE-2026-55019
CVE-2026-55019 describes an "Improper neutralization of input during web page generation" (XSS) in Microsoft Office SharePoint, enabling an authorized attacker to spoof content over the network. Multiple connected sources confirm: affected product is SharePoint Server (Microsoft Office/SharePoint...
CVE-2026-55035
CVE-2026-55035 is an information-disclosure vulnerability described as an out-of-bounds read in Microsoft Office that allows a locally authenticated attacker to disclose information. Connected sources confirm this affects multiple Office components (Word, Excel, PowerPoint, SharePoint, etc.) and ...
CVE-2026-56157
Summary: CVE-2026-56157 is described as an improper access-control vulnerability in Microsoft Office SharePoint that could enable an authorized attacker to spoof over a network. The connected documents consistently identify SharePoint (Office suite) as affected and describe the impact as spoofing...
CVE-2026-55020
CVE-2026-55020 is an Office SharePoint cross-site scripting vulnerability described as improper neutralization of input during web page generation, enabling an authenticated attacker to spoof over the network. The affected component is Microsoft Office SharePoint; root cause is input handling in ...
CVE-2026-55127
CVE-2026-55127 is a heap-based buffer overflow in Microsoft Word (Office) that enables local code execution. Public sources corroborate a Word-related RCE risk, with the issue categorized under Office/Word vulnerabilities in July 2026 patch disclosures. Remediation is via Microsoft’s July 2026 se...
CVE-2026-55121
CVE-2026-55121 corresponds to an out-of-bounds read in Microsoft Office that enables an unauthenticated or authorized local attacker to disclose information. The public descriptions across NVD/MSRC and EUVD notes indicate the vulnerability affects Microsoft Office components and results in local ...
CVE-2026-55134
CVE-2026-55134 is a stack-based buffer overflow in Microsoft Word (Office) that can allow a local attacker to execute arbitrary code. The CVE entry is corroborated by multiple sources in the Connected documents, which identify Word as the affected component and describe local code execution as th...
CVE-2026-56192
The CVE-2026-56192 entry describes a local, information-disclosure vulnerability in Microsoft Office caused by an out-of-bounds read. Affected product: Microsoft Office suite (Office components) per multiple connected sources. Root cause and exact vulnerable component are not fully detailed in th...
CVE-2026-54108
CVE-2026-54108 affects Microsoft SharePoint Server. An authorized attacker can influence a file name or path in SharePoint, enabling network-based spoofing. CVSS v3.1: 6.5 (MEDIUM), AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Root cause details are not provided in the supplied documents; no exploitation...
CVE-2026-55033
CVE-2026-55033 is a Microsoft Word vulnerability described as an integer overflow/wraparound in Word’s document processing, enabling a local attacker to execute arbitrary code by opening a crafted Word file or link. The root cause is an overflow in Word’s handling, with impact described as local ...
CVE-2026-55142
Microsoft Word within Office is affected by CVE-2026-55142 due to a numeric truncation error that can disclose information locally. Exploitation is local with required user interaction; the advisory notes a security update from Microsoft as remediation. References to July 2026 Office advisories c...
CVE-2026-55016
CVE-2026-55016 is a SharePoint-related issue affecting Microsoft Office SharePoint, described as improper neutralization of input during web page generation (XSS) that enables spoofing over a network by an authorized attacker. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N) yields a bas...
CVE-2026-55047
CVE-2026-55047 is a local, information-disclosure vulnerability in Microsoft Office caused by an out-of-bounds read. The NCSC advisory confirms presence across Microsoft Office offerings (Word, Excel, PowerPoint, SharePoint, and others) with an impact categorized as data exposure. Exploitation wo...
CVE-2026-55028
CVE-2026-55028 is an Office vulnerability described as an out-of-bounds read in Microsoft Office that allows an unauthorized attacker to disclose information locally. The CVE is tied to Office components (Word/Excel/PowerPoint/SharePoint) and is listed with a local attack vector, requiring user i...
CVE-2026-55032
CVE-2026-55032 is a Microsoft Word remote code execution vulnerability reported as a use-after-free issue in Microsoft Office Word. The CVE entry specifies local attack vector with user interaction required, yielding a high severity (CVSS 3.1: 7.8, HIGH) and potential for arbitrary code execution...
CVE-2026-55124
CVE-2026-55124 is a Microsoft Word/Office vulnerability where the root cause is improper validation of a specified input type, leading to local information disclosure. Documents consistently describe Word as the affected component and report a local attack vector with user interaction required (p...
CVE-2026-55135
CVE-2026-55135 concerns a cross-site scripting spoofing vulnerability in Microsoft Office SharePoint. The connected sources identify the affected product as Microsoft SharePoint Server (part of Office/SharePoint), and describe the root cause as improper neutralization of input during web page gen...