Lucene search
+L
MicrosoftSharepoint Server*

118 matches found

CVE
CVE
added 2026/06/09 5:5 p.m.46 views

CVE-2026-48562

Summary: CVE-2026-48562 affects Microsoft Office SharePoint Server. It describes improper neutralization of input during web page generation, causing cross-site scripting that could enable an authorized attacker to perform spoofing over a network. The associated metrics assign a CVSS v3.1 base sc...

4.6CVSS5.4AI score0.00505EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.43 views

CVE-2026-47634

Microsoft Office SharePoint is affected by CVE-2026-47634, a cross-site scripting (XSS) vulnerability due to improper neutralization of input during web page generation. The vulnerability allows an authorized attacker to spoof users over a network. According to the sources, the issue impacts Shar...

7.3CVSS7AI score0.00559EPSS
CVE
CVE
added 2025/11/11 5:59 p.m.42 views

CVE-2025-62204

CVE-2025-62204 describes a remote code execution vulnerability in Microsoft Office SharePoint caused by deserialization of untrusted data. Connected sources confirm impact across SharePoint Server on premises: SharePoint Server 2016 (KB for November 2025), SharePoint Server 2019, and SharePoint S...

8CVSS5.7AI score0.02014EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.42 views

CVE-2026-45485

CVE-2026-45485: In Microsoft Office, an out-of-bounds read leads to local information disclosure. Documents confirm the vulnerability and its impact (local disclosure) with low severity (CVSS 3.1:3.3). Exploitation details and affected component/version specifics are not provided in the supplied ...

3.3CVSS5.4AI score0.00439EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.41 views

CVE-2026-40368

CVE-2026-40368 is a remote code execution vulnerability in Microsoft SharePoint Server caused by deserialization of untrusted data. The issue affects SharePoint Server on-premises (various versions) and can be triggered by processing crafted data over the network by an authenticated user, with CV...

8CVSS6AI score0.01977EPSS
CVE
CVE
added 2026/03/10 5:5 p.m.40 views

CVE-2026-26113

CVE-2026-26113 is a Microsoft Office remote code-execution vulnerability caused by an untrusted pointer dereference. The issue is addressed in the March 2026 Patch Tuesday updates for Office; affected products are patched by Microsoft through the updates referenced by the vulnerability entry. The...

8.4CVSS5.9AI score0.00545EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.40 views

CVE-2026-47298

CVE-2026-47298 constrains Microsoft Office SharePoint, where improper authorization allows an attacker with network access to execute code on vulnerable systems. The vulnerability is described as a remote code execution issue with a high impact on confidentiality, integrity, and availability (CVE...

8CVSS5.7AI score0.00669EPSS
CVE
CVE
added 2026/01/13 5:56 p.m.39 views

CVE-2026-20951

CVE-2026-20951 is a Microsoft SharePoint Server Remote Code Execution vulnerability caused by improper input validation in SharePoint. The issue allows an unauthenticated or authenticated attacker to execute code locally on affected SharePoint Server deployments. Documented affected products incl...

7.8CVSS6.9AI score0.00774EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.39 views

CVE-2026-45484

This CVE involves deserialization of untrusted data in Microsoft Office SharePoint, enabling an authorized attacker to elevate privileges over a network. Affected component: SharePoint (deserialization vulnerability cited in multiple sources). Root cause: improper handling of deserialized input l...

8.8CVSS5.5AI score0.01982EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.38 views

CVE-2026-45468

CVE-2026-45468 involves an improper neutralization of input during web page generation (XSS) in Microsoft Office SharePoint / SharePoint Server . An authorized attacker can perform spoofing over a network by targeting affected SharePoint web pages. The CVSS 3.1 base score is 4.6 (Medium); attack ...

5.4CVSS5.4AI score0.00505EPSS
CVE
CVE
added 2025/12/09 5:56 p.m.35 views

CVE-2025-64672

CVE-2025-64672 is a cross-site scripting issue in Microsoft Office SharePoint (and related SharePoint Server components) caused by improper neutralization of input during web page generation. An authorized attacker can spoof the user interface over a network, potentially compromising user experie...

9CVSS6.3AI score0.0103EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.35 views

CVE-2026-45453

CVE-2026-45453 affects Microsoft Office SharePoint Server and stems from improper neutralization of input during web page generation, enabling an authorized attacker to perform spoofing over a network via a cross-site scripting (XSS) flaw. The vulnerability involves the web-page generation compon...

5.4CVSS6.6AI score0.0051EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.35 views

CVE-2026-47639

CVE-2026-47639 affects Microsoft Office SharePoint Server. The description identifies an Improper neutralization of input during web page generation (XSS) that enables an authorized attacker to perform spoofing over a network. Connected sources corroborate an XSS payload risk in SharePoint, leadi...

5.4CVSS6.6AI score0.0051EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.33 views

CVE-2026-44824

CVE-2026-44824 affects Microsoft Office and is a heap-based buffer overflow that enables local code execution. The issue requires user interaction and has a CVSS v3.1 base score of 7.8 (HIGH) with LOCAL attack vector, no privileges required, and high impact on confidentiality, integrity, and avai...

7.8CVSS6AI score0.00457EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.33 views

CVE-2026-45467

CVE-2026-45467 describes an XSS vulnerability in Microsoft Office SharePoint Server caused by improper neutralization of input during web page generation. The issue can allow a network-based, authenticated attacker with low privileges to spoof content presented to users, requiring user interactio...

5.4CVSS5.4AI score0.00505EPSS
CVE
CVE
added 2026/03/10 5:5 p.m.31 views

CVE-2026-26106

CVE-2026-26106 is a Microsoft SharePoint Server remote code execution vulnerability caused by improper input validation. The CVE affects SharePoint Server variants (Office/SharePoint components) and enables an authenticated (network) attacker with low privileges to execute arbitrary code, potenti...

8.8CVSS5.9AI score0.0137EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.31 views

CVE-2026-47641

CVE-2026-47641 concerns Microsoft Office SharePoint where improper neutralization of input during web page generation enables cross-site scripting. The underlying flaw is input not being properly sanitized, potentially allowing an authorized attacker to spoof content over a network. According to ...

5.4CVSS6.4AI score0.00505EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.30 views

CVE-2026-44821

The CVE-2026-44821 entry concerns an out-of-bounds read in Microsoft Office that could allow a local attacker to disclose information. Affected software is Microsoft Office; the vulnerability is a read boundary issue in a component/file used by Office, enabling local information disclosure. The p...

5.5CVSS5.4AI score0.00467EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.30 views

CVE-2026-45471

CVE-2026-45471 affects Microsoft Word and stems from an untrusted pointer dereference in Word’s runtime that can lead to local code execution. The CVSSv3.1 vector (L/Low complexity, no privileges required, user interaction required, local scope) yields a base score of 7.8 (HIGH). Documented impac...

7.8CVSS5.7AI score0.00457EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.28 views

CVE-2026-45475

This CVE (CVE-2026-45475) concerns a heap-based buffer overflow in Microsoft Office. The description indicates an unauthorized attacker could achieve local code execution, with user interaction required and high impact on confidentiality, integrity, and availability. The provided documents do not...

7.8CVSS6AI score0.00457EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.28 views

CVE-2026-47637

CVE-2026-47637 describes an XSS issue in Microsoft Office SharePoint Server. The vulnerability arises from improper neutralization of input during web page generation, enabling an authorized attacker to perform spoofing over a network. {}Affected product/component: Microsoft Office SharePoint Ser...

5.4CVSS5.4AI score0.00505EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.27 views

CVE-2026-45483

CVE-2026-45483 affects Microsoft Office Project Server and involves improper neutralization of input during web page generation, enabling cross-site scripting. The vulnerability is described as allowing an authorized attacker to perform spoofing over a network. The CVSS 3.1 vector (AV:N/AC:L/PR:L...

5.4CVSS5.4AI score0.00505EPSS
CVE
CVE
added 2026/01/13 5:56 p.m.26 views

CVE-2026-20959

CVE-2026-20959 is a cross-site scripting vulnerability in Microsoft Office SharePoint (Server/Subscription Edition) caused by improper neutralization of input during web page generation. An authorized attacker could spoof a user over the network. Affected products include SharePoint Server (2016/...

5.4CVSS6.3AI score0.06984EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.26 views

CVE-2026-45481

CVE-2026-45481 is a cross-site scripting vulnerability in Microsoft Office SharePoint arising from improper input neutralization during web page generation. The issue can allow an authorized attacker to perform spoofing over a network. According to the available records, the affected component is...

7.3CVSS5.4AI score0.00687EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.26 views

CVE-2026-47638

Microsoft SharePoint (Office SharePoint) is affected by CVE-2026-47638 due to improper neutralization of input during web page generation, enabling an authorized attacker to spoof users over the network (XSS). The NVD entries describe this as a cross-site scripting vulnerability with network acce...

5.4CVSS5.4AI score0.00505EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.26 views

CVE-2026-48560

CVE-2026-48560 is documented as a cross-site scripting vulnerability in Microsoft Office SharePoint/SharePoint Server. The underlying issue is improper neutralization of input during web page generation, enabling an authorized attacker to spoof over a network. Affected product portions are ShareP...

5.4CVSS6.6AI score0.00937EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.25 views

CVE-2026-45464

CVE-2026-45464 relates to a vulnerability in Microsoft Office SharePoint where improper neutralization of input during web page generation enables cross-site scripting. According to NVD/Microsoft, the issue could allow an authorized attacker to spoof content over a network, with a CVSS 3.1 base s...

5.4CVSS6.6AI score0.0051EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.25 views

CVE-2026-45465

CVE-2026-45465 : The vulnerability affects Microsoft Office SharePoint Server and is due to improper neutralization of input during web page generation, resulting in a cross-site scripting (XSS) issue. An authorized attacker can perform network-based spoofing. According to the provided descriptio...

5.4CVSS6.6AI score0.0051EPSS
CVE
CVE
added 2026/04/14 4:56 p.m.24 views

CVE-2026-20945

CVE-2026-20945 (SharePoint) is an XSS-style vulnerability in Microsoft Office SharePoint where improper input neutralization during web page generation could allow an authorized attacker to spoof another user. Connected documents confirm the issue impacts SharePoint components and is being addres...

5.4CVSS5.8AI score0.25082EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.24 views

CVE-2026-45462

The CVE-2026-45462 entry describes an XSS vulnerability in Microsoft Office SharePoint where improper neutralization of input during web page generation can enable spoofing over a network. According to the connected records, impact is limited to spoofing with Confidentiality/Integrity/Availabilit...

5.4CVSS5.4AI score0.00505EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.24 views

CVE-2026-45479

The CVE-2026-45479 entries describe an XSS vulnerability in Microsoft Office SharePoint where improper neutralization of input during web page generation can enable an authorized attacker to perform spoofing over the network. Affected product is SharePoint/SharePoint Server; the root cause is lac...

5.4CVSS5.4AI score0.00505EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.24 views

CVE-2026-47636

CVE-2026-47636: Improper neutralization of input during web page generation (XSS) in Microsoft Office SharePoint. Descriptions indicate an authorised attacker could perform spoofing over the network by exploiting input handling during page rendering. Affected product: Microsoft SharePoint Server;...

5.4CVSS6.6AI score0.0051EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.23 views

CVE-2026-47640

CVE-2026-47640 – Details : Affects Microsoft Office SharePoint (SharePoint Server). The vulnerability is an improper neutralization of input during web page generation (XSS), enabling an authorized attacker to perform spoofing over a network. The connected documents do not specify affected versio...

5.4CVSS5.4AI score0.00505EPSS
CVE
CVE
added 5 days ago22 views

CVE-2026-55019

CVE-2026-55019 describes an "Improper neutralization of input during web page generation" (XSS) in Microsoft Office SharePoint, enabling an authorized attacker to spoof content over the network. Multiple connected sources confirm: affected product is SharePoint Server (Microsoft Office/SharePoint...

5.4CVSS6.1AI score0.00447EPSS
CVE
CVE
added 5 days ago21 views

CVE-2026-55035

CVE-2026-55035 is an information-disclosure vulnerability described as an out-of-bounds read in Microsoft Office that allows a locally authenticated attacker to disclose information. Connected sources confirm this affects multiple Office components (Word, Excel, PowerPoint, SharePoint, etc.) and ...

5.5CVSS6AI score0.00477EPSS
CVE
CVE
added 5 days ago21 views

CVE-2026-56157

Summary: CVE-2026-56157 is described as an improper access-control vulnerability in Microsoft Office SharePoint that could enable an authorized attacker to spoof over a network. The connected documents consistently identify SharePoint (Office suite) as affected and describe the impact as spoofing...

5.4CVSS6.1AI score0.0029EPSS
CVE
CVE
added 5 days ago19 views

CVE-2026-55020

CVE-2026-55020 is an Office SharePoint cross-site scripting vulnerability described as improper neutralization of input during web page generation, enabling an authenticated attacker to spoof over the network. The affected component is Microsoft Office SharePoint; root cause is input handling in ...

5.4CVSS6.1AI score0.00335EPSS
CVE
CVE
added 5 days ago18 views

CVE-2026-55127

CVE-2026-55127 is a heap-based buffer overflow in Microsoft Word (Office) that enables local code execution. Public sources corroborate a Word-related RCE risk, with the issue categorized under Office/Word vulnerabilities in July 2026 patch disclosures. Remediation is via Microsoft’s July 2026 se...

7.8CVSS6.2AI score0.0034EPSS
CVE
CVE
added 5 days ago17 views

CVE-2026-55121

CVE-2026-55121 corresponds to an out-of-bounds read in Microsoft Office that enables an unauthenticated or authorized local attacker to disclose information. The public descriptions across NVD/MSRC and EUVD notes indicate the vulnerability affects Microsoft Office components and results in local ...

5.5CVSS6AI score0.00353EPSS
CVE
CVE
added 5 days ago17 views

CVE-2026-55134

CVE-2026-55134 is a stack-based buffer overflow in Microsoft Word (Office) that can allow a local attacker to execute arbitrary code. The CVE entry is corroborated by multiple sources in the Connected documents, which identify Word as the affected component and describe local code execution as th...

7.8CVSS6.2AI score0.00303EPSS
CVE
CVE
added 5 days ago16 views

CVE-2026-56192

The CVE-2026-56192 entry describes a local, information-disclosure vulnerability in Microsoft Office caused by an out-of-bounds read. Affected product: Microsoft Office suite (Office components) per multiple connected sources. Root cause and exact vulnerable component are not fully detailed in th...

5.5CVSS6AI score0.00382EPSS
CVE
CVE
added 5 days ago15 views

CVE-2026-54108

CVE-2026-54108 affects Microsoft SharePoint Server. An authorized attacker can influence a file name or path in SharePoint, enabling network-based spoofing. CVSS v3.1: 6.5 (MEDIUM), AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Root cause details are not provided in the supplied documents; no exploitation...

6.5CVSS6.1AI score0.00713EPSS
CVE
CVE
added 5 days ago15 views

CVE-2026-55033

CVE-2026-55033 is a Microsoft Word vulnerability described as an integer overflow/wraparound in Word’s document processing, enabling a local attacker to execute arbitrary code by opening a crafted Word file or link. The root cause is an overflow in Word’s handling, with impact described as local ...

7.8CVSS6.2AI score0.00471EPSS
CVE
CVE
added 5 days ago15 views

CVE-2026-55142

Microsoft Word within Office is affected by CVE-2026-55142 due to a numeric truncation error that can disclose information locally. Exploitation is local with required user interaction; the advisory notes a security update from Microsoft as remediation. References to July 2026 Office advisories c...

5.5CVSS6AI score0.00382EPSS
CVE
CVE
added 5 days ago14 views

CVE-2026-55016

CVE-2026-55016 is a SharePoint-related issue affecting Microsoft Office SharePoint, described as improper neutralization of input during web page generation (XSS) that enables spoofing over a network by an authorized attacker. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N) yields a bas...

5.4CVSS6.1AI score0.00335EPSS
CVE
CVE
added 5 days ago13 views

CVE-2026-55047

CVE-2026-55047 is a local, information-disclosure vulnerability in Microsoft Office caused by an out-of-bounds read. The NCSC advisory confirms presence across Microsoft Office offerings (Word, Excel, PowerPoint, SharePoint, and others) with an impact categorized as data exposure. Exploitation wo...

5.5CVSS6AI score0.00487EPSS
CVE
CVE
added 5 days ago12 views

CVE-2026-55028

CVE-2026-55028 is an Office vulnerability described as an out-of-bounds read in Microsoft Office that allows an unauthorized attacker to disclose information locally. The CVE is tied to Office components (Word/Excel/PowerPoint/SharePoint) and is listed with a local attack vector, requiring user i...

5.5CVSS6AI score0.00382EPSS
CVE
CVE
added 5 days ago12 views

CVE-2026-55032

CVE-2026-55032 is a Microsoft Word remote code execution vulnerability reported as a use-after-free issue in Microsoft Office Word. The CVE entry specifies local attack vector with user interaction required, yielding a high severity (CVSS 3.1: 7.8, HIGH) and potential for arbitrary code execution...

7.8CVSS6.1AI score0.00303EPSS
CVE
CVE
added 5 days ago12 views

CVE-2026-55124

CVE-2026-55124 is a Microsoft Word/Office vulnerability where the root cause is improper validation of a specified input type, leading to local information disclosure. Documents consistently describe Word as the affected component and report a local attack vector with user interaction required (p...

5.5CVSS6AI score0.00382EPSS
CVE
CVE
added 5 days ago12 views

CVE-2026-55135

CVE-2026-55135 concerns a cross-site scripting spoofing vulnerability in Microsoft Office SharePoint. The connected sources identify the affected product as Microsoft SharePoint Server (part of Office/SharePoint), and describe the root cause as improper neutralization of input during web page gen...

5.4CVSS6.1AI score0.00335EPSS
Total number of security vulnerabilities118