29 matches found
CVE-2025-53770
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.Microsoft is preparing and fully testing a comprehensive update to address this vulner...
CVE-2025-21400
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-49706
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-53771
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49704
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-27747
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-29794
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-21348
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21344
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-29793
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-29820
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-26642
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-21393
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2025-27746
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47168
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-47169
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-30378
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
CVE-2025-47172
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-47163
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-29976
Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.
CVE-2025-47166
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-30382
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
CVE-2025-30384
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
CVE-2025-49703
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-53733
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-49701
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-49712
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-53760
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVE-2025-53736
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.