Lucene search
+L
MicrosoftSharepoint Server2016

211 matches found

CVE
CVE
added 2019/01/08 9:0 p.m.1187 views

CVE-2019-0585

CVE-2019-0585 is a remote code execution vulnerability in Microsoft Word/Office products caused by improper handling of objects in memory. Exploitation could occur via specially crafted Word files, potentially in contexts like email/preview panes, with the attacker gaining the same user rights as...

9.3CVSS8.3AI score0.20713EPSS
CVE
CVE
added 2025/07/20 1:6 a.m.1086 views

CVE-2025-53770

CVE-2025-53770 is a critical remote code execution vulnerability in on-premises Microsoft SharePoint Server, achieved via deserialization of untrusted data and an unauthenticated POST to ToolPane.aspx. The attack chain typically bypasses authentication, retrieves MachineKey values from the web.co...

9.8CVSS6.8AI score0.99979EPSS
In wild
CVE
CVE
added 2023/09/12 4:58 p.m.572 views

CVE-2023-36762

CVE-2023-36762 is a Microsoft Word remote code execution vulnerability. The available documents confirm an impact on Word and related Word components, with an exploit path requiring user interaction and local access (CVSS 3.1: AV=L, AC=L, PR=None, UI=Required, C/H/I/H/A=L). Public details note po...

7.3CVSS7.3AI score0.01017EPSS
CVE
CVE
added 2023/09/12 4:58 p.m.470 views

CVE-2023-36764

CVE-2023-36764 affects Microsoft SharePoint Server and is an Elevation of Privilege vulnerability. The connected CNVD entry confirms an elevation of privilege issue exists in SharePoint Server; MSRC details indicate a patch exists for SharePoint Server 2019 (KB5002472). The remediation requires i...

8.8CVSS8.5AI score0.02254EPSS
CVE
CVE
added 2024/07/09 5:3 p.m.355 views

CVE-2024-38094

CVE-2024-38094 is a Microsoft SharePoint deserialization vulnerability that allows remote code execution. Connected sources indicate an authenticated attacker with Site Owner permissions can inject and execute arbitrary code on the SharePoint server, with exploit activity noted in the wild (CISA ...

7.2CVSS7.5AI score0.47826EPSS
In wild
CVE
CVE
added 2025/07/20 10:16 p.m.316 views

CVE-2025-53771

CVE-2025-53771 is an authentication spoofing (patch-bypass) vulnerability in Microsoft SharePoint Server on-premises, enabling bypass of access checks on /layouts/15/ToolPane.aspx (DisplayMode=Edit) via crafted Referer headers. Connected docs also describe a related RCE chain when paired with CVE...

6.5CVSS7.5AI score0.99911EPSS
In wild
CVE
CVE
added 2017/05/12 2:0 p.m.311 views

CVE-2017-0281

CVE-2017-0281 / CVE-2017-0262 describe a remote code execution flaw in Microsoft Office and related components triggered by memory handling errors while processing specially crafted Office files (EPS in particular). Affected products include Office 2010 SP2, Office 2013 SP1, Office 2016, and broa...

9.3CVSS8.1AI score0.14831EPSS
In wild
CVE
CVE
added 2025/07/08 4:58 p.m.290 views

CVE-2025-49704

CVE-2025-49704 (SharePoint on‑premises) is part of the ToolShell chain that combines CVE-2025-49706 (authentication bypass) with a deserialization/RCE flaw. Public docs describe unauthenticated or spoofed-access POSTs to ToolPane.aspx, enabling remote code execution and post‑exploitation activity...

8.8CVSS6.9AI score0.99907EPSS
In wild
CVE
CVE
added 2025/02/11 5:58 p.m.279 views

CVE-2025-21400

CVE-2025-21400 is a Microsoft SharePoint Server remote code execution vulnerability. Connected advisories confirm affected product is SharePoint Server with RCE impact and a CVSS v3.1 base score of 8.0 (High). Patches are available: KB5002681 (SharePoint Server Subscription Edition) and KB5002685...

8CVSS8AI score0.30987EPSS
CVE
CVE
added 2024/03/12 4:57 p.m.267 views

CVE-2024-21426

CVE-2024-21426 is a Microsoft SharePoint Server remote code execution vulnerability. Publicly documented impact affects multiple SharePoint products, including SharePoint Server 2019, SharePoint Server Subscription Edition, SharePoint Enterprise Server 2016, and related on-premises deployments. R...

7.8CVSS7.7AI score0.02109EPSS
CVE
CVE
added 2023/01/10 12:0 a.m.231 views

CVE-2023-21742

CVE-2023-21742 affects Microsoft SharePoint Server family. A GitHub PoC for CVE-2023-21742 demonstrates an Improper Access Control path in SharePoint’s webpartpages (POST to _vti_bin/webpartpages.asmx, ConvertWebPartFormat) that leaks an attribute/property; the PoC explicitly notes it is not a fu...

8.8CVSS8.8AI score0.55786EPSS
CVE
CVE
added 2022/06/15 9:52 p.m.222 views

CVE-2022-30172

CVE-2022-30172 is an Microsoft Office information disclosure vulnerability. Connected documents indicate remediation via Microsoft security updates KB5002062/KB5002222/KB5002224/KB5002214 addressing Office/SharePoint components in various Server editions. Exploitation details and affected product...

5.5CVSS6AI score0.02422EPSS
CVE
CVE
added 2021/06/08 10:46 p.m.217 views

CVE-2021-31950

CVE-2021-31950 is an on‑premises Microsoft SharePoint Server spoofing vulnerability (CWE: spoofing) with a documented SSRF/Server‑Side Request Forgery angle. Public details tie exploitation to SharePoint Server 16.0.x (example: 16.0.10372.20060) via GetXmlDataFromDataSource, enabling content spoo...

8.1CVSS7.4AI score0.04563EPSS
CVE
CVE
added 2023/01/10 12:0 a.m.210 views

CVE-2023-21743

Mode C CVE-2023-21743 affects Microsoft SharePoint Server and is a security feature bypass vulnerability. An unauthenticated attacker could bypass authentication and establish an anonymous connection to a vulnerable SharePoint farm. Exploitation requires triggering a SharePoint upgrade action, wh...

5.3CVSS6.4AI score0.01124EPSS
CVE
CVE
added 2022/01/11 8:22 p.m.208 views

CVE-2022-21837

CVE-2022-21837 is a remote code execution vulnerability in Microsoft SharePoint Server (on‑prem). Connected sources confirm that exploitation could allow an attacker to run arbitrary code on the SharePoint server (e.g., potentially escalate to SharePoint admin) if the vulnerable SharePoint Server...

9CVSS8.6AI score0.02837EPSS
CVE
CVE
added 2023/04/11 7:13 p.m.205 views

CVE-2023-28288

CVE-2023-28288 is a network-exploitable spoofing vulnerability affecting Microsoft SharePoint Server families. Public references (Exploit-DB entry) show a remote exploit against SharePoint Enterprise Server 2016, aligning with the vulnerability class described as spoofing in the CVE record. The C...

8.1CVSS7.8AI score0.06233EPSS
Web
CVE
CVE
added 2024/01/09 5:57 p.m.205 views

CVE-2024-21318

CVE-2024-21318 affects Microsoft SharePoint Server and is described as a remote code execution vulnerability. The CVE entry lists a CVSS v3.1 base score of 8.8 ( HIGH ) with network attack vector, low attack complexity, and privileges required as LOW, no user interaction, and impact on confidenti...

8.8CVSS8.6AI score0.30801EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.200 views

CVE-2021-28474

CVE-2021-28474 maps to a Microsoft SharePoint Server remote code execution vulnerability. Public details within the provided docs are limited to high‑level descriptions (SharePoint Server RCE) and CVSS metrics; no explicit exploit vectors or affected versions are stated in Connected documents. Th...

8.8CVSS8.8AI score0.50628EPSS
Web
CVE
CVE
added 2022/01/11 8:22 p.m.194 views

CVE-2022-21840

CVE-2022-21840 is a Microsoft Office remote code execution vulnerability. Public documentation notes an Office RCE that can be exploited via social engineering (e.g., opening a malicious attachment or visiting a malicious site) and may require user interaction. The CVSS details indicate high impa...

8.8CVSS8.8AI score0.02924EPSS
CVE
CVE
added 2022/04/15 7:2 p.m.185 views

CVE-2022-24472

CVE-2022-24472 is a Microsoft SharePoint Server spoofing vulnerability. Connected sources confirm affected product family (SharePoint Server variants) and indicate remediation via security updates KB5002191 (SharePoint Server Subscription Edition) and KB5002180 (SharePoint Server 2019), which add...

8CVSS6.3AI score0.01881EPSS
CVE
CVE
added 2021/07/16 8:19 p.m.183 views

CVE-2021-34467

CVE-2021-34467 affects Microsoft SharePoint Server (SharePoint Server 2019). The connected documents indicate this is a remote code execution vulnerability addressed by the security update KB5001975, which resolves both the RCE and a spoofing issue. The patch is for 64-bit SharePoint Server 2019 ...

8.8CVSS7.5AI score0.05383EPSS
CVE
CVE
added 2021/07/14 5:54 p.m.180 views

CVE-2021-34520

CVE-2021-34520 concerns a Microsoft SharePoint Server Remote Code Execution vulnerability. The related connected document KB5001975 confirms a security update for SharePoint Server 2019 (16.0.10376.20001) that addresses this vulnerability. The CVE is described with high severity in accompanying m...

8.8CVSS8.1AI score0.03324EPSS
CVE
CVE
added 2021/07/14 5:54 p.m.179 views

CVE-2021-34468

CVE-2021-34468 is a Microsoft SharePoint Server Remote Code Execution vulnerability. The initial data indicates an RCE weakness affecting SharePoint Server with a CVSS v3.1 base score of 8.0 (HIGH), an adjacent network attack vector, low attack complexity, no privileges required, and user interac...

8CVSS7.5AI score0.0102EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.178 views

CVE-2021-28453

CVE-2021-28453 is a Microsoft Word remote code execution vulnerability. The primary sources (NVD entry for CVE-2021-28453) and connected Nessus plugins reference Word/Office products being affected by a remote code execution vulnerability tied to this CVE. Some Nessus entries list Word/Office as ...

7.8CVSS7.8AI score0.04068EPSS
CVE
CVE
added 2024/04/09 5:1 p.m.169 views

CVE-2024-26251

CVE-2024-26251 refers to a Microsoft SharePoint Server spoofing vulnerability that allows an attacker to impersonate another user when a victim follows a rogue link. Connected sources confirm exploitation depends on social/drive-by user interaction, with root cause in improper spoofing/auth conte...

6.8CVSS8.8AI score0.01395EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.168 views

CVE-2020-17118

CVE-2020-17118 is a remote code execution vulnerability in Microsoft SharePoint Server. The connected documents confirm it affects multiple SharePoint Server versions (2010, 2013, 2016, 2019) and that systems missing security updates are affected. No explicit root-cause details are provided in th...

10CVSS8.4AI score0.03708EPSS
CVE
CVE
added 2021/03/11 3:50 p.m.168 views

CVE-2021-27076

CVE-2021-27076 is a SharePoint Server Remote Code Execution flaw rooted in InfoPath session state deserialization. The vulnerability arises when the server deserializes a crafted DocumentSessionState via the BinaryFormatter, enabling arbitrary code execution with SYSTEM privileges after deseriali...

8.8CVSS8.8AI score0.14387EPSS
In wild
CVE
CVE
added 2021/06/08 10:46 p.m.164 views

CVE-2021-31966

CVE-2021-31966 is a Microsoft SharePoint Server remote code execution vulnerability. The connected documents confirm affected product families include SharePoint Server (2013/2016/2019 on-premises) and show that patches released June 8, 2021 (KB5001922/KB5001946, and related advisories) address t...

7.2CVSS7.2AI score0.04577EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.162 views

CVE-2021-26418

Microsoft SharePoint Server 2019 is affected by CVE-2021-26418 (Spoofing). The vulnerability is addressed by the May 11, 2021 security update KB5001916, which resolves the spoofing issue alongside related fixes. The update fixes remote-code-execution/spoofing concerns and requires installing KB50...

7.1CVSS5.2AI score0.0124EPSS
CVE
CVE
added 2023/01/10 12:0 a.m.162 views

CVE-2023-21744

CVE-2023-21744 is a Microsoft SharePoint Server remote code execution vulnerability. Connected sources confirm that it affects SharePoint Server products (Foundation 2013, Server 2016/2019 and subscriptions) and that exploitation leads to arbitrary code execution with network access and no user i...

8.8CVSS8.8AI score0.02845EPSS
CVE
CVE
added 2021/07/14 5:54 p.m.161 views

CVE-2021-34519

CVE-2021-34519 is a Microsoft SharePoint Server information disclosure vulnerability affecting on‑premises SharePoint Server variants. Connected documents confirm it is an information disclosure issue tied to SharePoint Server (2013/2016/Enterprise Server 2016) and reference security updates (e.g...

5.3CVSS5.2AI score0.04445EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.159 views

CVE-2026-45456

CVE-2026-45456 affects Microsoft Office apps (notably Outlook and Word) and is caused by a resource access type confusion that can lead to local code execution. The vulnerability allows an authenticated, local attacker to run arbitrary code without user interaction, with high impact on confidenti...

8.4CVSS5.7AI score0.0044EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.158 views

CVE-2017-8509

CVE-2017-8509 is an Office remote code execution vulnerability that arises when Office components mishandle objects in memory, allowing an attacker to take control of an affected system if a user opens a crafted Office file. Public details in connected documents indicate the vulnerability affects...

9.3CVSS7.2AI score0.17178EPSS
CVE
CVE
added 2021/06/08 10:46 p.m.158 views

CVE-2021-31963

CVE-2021-31963 is a Microsoft SharePoint Server remote code execution vulnerability affecting on-premises SharePoint Server. Connected sources confirm the issue exists and that Microsoft released fixes in June 2021 (e.g., KB5001954 for SharePoint Enterprise Server 2013 and related updates noted i...

8.8CVSS7.2AI score0.02121EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.157 views

CVE-2020-17121

No concrete technical details for CVE-2020-17121 are present in the provided connected documents; they only reference it among December 2020 SharePoint updates without specifics on affected components or root cause.

8.8CVSS8.8AI score0.03057EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.157 views

CVE-2024-38018

CVE-2024-38018 affects Microsoft SharePoint Server and is described as a remote code execution vulnerability. Connected sources indicate the issue arises from improper handling of serialized instances of the SPThemes class, enabling an attacker to execute arbitrary code on the target system. Repo...

8.8CVSS8.7AI score0.51461EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.155 views

CVE-2020-17115

CVE-2020-17115 is described across connected sources as a session spoofing vulnerability in Microsoft SharePoint Server. The provided Nessus plugin entries group this CVE with other SharePoint CVEs and indicate vulnerable state when updates are missing (e.g., December 2020 security updates). Conc...

8CVSS8AI score0.02601EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.153 views

CVE-2021-31172

CVE-2021-31172 is a Microsoft SharePoint Server spoofing vulnerability. Public docs here indicate the issue is addressed by the May 11, 2021 security update for SharePoint Server 2019 (KB5001916), which also covers related CVEs in the same bulletin. The CVE entry cites a SharePoint spoofing vulne...

7.1CVSS6.8AI score0.01812EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.150 views

CVE-2021-31173

CVE-2021-31173 is a Microsoft SharePoint Server Information Disclosure vulnerability. Public sources (NVD) assign a CVSS v3.1 base score of 6.5 (Network, Low attack complexity, Low privileges required, No user interaction) with a high potential impact to confidentiality and no impact to integrity...

6.5CVSS5.6AI score0.02079EPSS
CVE
CVE
added 2021/07/14 5:54 p.m.150 views

CVE-2021-34517

CVE-2021-34517 is a Microsoft SharePoint Server spoofing vulnerability. Connected sources indicate this CVE is addressed by Security Update KB5001975 for SharePoint Server 2019 (16.0.10376.20001). The KB entry associates the CVE with SharePoint Server spoofing remediation and notes that the updat...

5.3CVSS6.2AI score0.01767EPSS
CVE
CVE
added 2024/05/14 4:57 p.m.150 views

CVE-2024-30044

CVE-2024-30044 is a Microsoft SharePoint Server Remote Code Execution vulnerability reported across multiple feeds. The connected docs identify the affected product as SharePoint Server and describe a remote code execution flaw that could allow an attacker to run arbitrary code on the target syst...

7.2CVSS7AI score0.8399EPSS
CVE
CVE
added 2022/06/15 9:51 p.m.149 views

CVE-2022-30157

CVE-2022-30157 relates to Microsoft SharePoint Server remote code execution. CNVD-2022-59590 and the MSRC advisory KB5002224 describe a remote-code-execution vulnerability in SharePoint Server (Subscription Edition included). The patch KB5002224 (June 14, 2022) mitigates this by applying security...

8.8CVSS8.7AI score0.07366EPSS
CVE
CVE
added 2024/05/14 4:57 p.m.146 views

CVE-2024-30043

CVE-2024-30043 affects Microsoft SharePoint Server (on-premises) and is caused by improper restriction of XML External Entity (XXE) references, enabling information disclosure. Public details include an XXE exploit example for SharePoint Server 2019 and related advisories. Affected product/versio...

7.5CVSS6AI score0.54659EPSS
CVE
CVE
added 2021/05/11 7:11 p.m.145 views

CVE-2021-28478

Technical details about CVE-2021-28478 are not provided in the connected documents. They only reference a SharePoint spoofing vulnerability without specific affected versions, vectors, or remediation. Monitor official disclosures and patches for updates.

7.6CVSS7.1AI score0.01569EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.145 views

CVE-2024-38023

CVE-2024-38023 affects on-premises Microsoft SharePoint Server. Exploitation path described in connected docs: an attacker with Site Owner permissions can abuse the BDC (Business Data Connectivity) feature via a malicious BDCMetadata.bdcm file to trigger reflective code execution, resulting in RC...

7.2CVSS7.3AI score0.529EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.144 views

CVE-2017-0254

CVE-2017-0254 concerns a remote code execution in Microsoft Office applications (Word, PowerPoint, etc.) and related components when the software fails to properly handle objects in memory. The vulnerability affects multiple Office products across Windows and macOS (e.g., Word 2007, Office 2010 S...

9.3CVSS7.6AI score0.19817EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.140 views

CVE-2020-17120

The CVE-2020-17120 entry corresponds to a Microsoft SharePoint Information Disclosure Vulnerability. Connected sources confirm it is part of multiple SharePoint Server vulnerabilities across several versions (2010, 2013, 2016, 2019) and is listed among updates released in December 2020. The vulne...

6.5CVSS5.7AI score0.02986EPSS
CVE
CVE
added 2020/12/09 11:36 p.m.139 views

CVE-2020-17089

CVE-2020-17089 is a Microsoft SharePoint elevation-of-privilege vulnerability reported across multiple advisories. Connected sources confirm the issue affects SharePoint Server instances and is associated with related CVEs (e.g., CVE-2020-17115, CVE-2020-17118, CVE-2020-17120, CVE-2020-17121, CVE...

8CVSS7.2AI score0.0281EPSS
CVE
CVE
added 2021/04/13 7:33 p.m.139 views

CVE-2021-28450

CVE-2021-28450 is a Microsoft SharePoint Denial of Service vulnerability affecting SharePoint Server 2010–2019 (and related versions) with CVE-2021-28453 referenced as a Word RCE vulnerability. Connected advisories/scans indicate multiple vulnerabilities in SharePoint Server lines and map to Micr...

6.5CVSS5.9AI score0.02395EPSS
CVE
CVE
added 2022/06/15 9:51 p.m.137 views

CVE-2022-30158

CVE-2022-30158 corresponds to a Microsoft SharePoint Server remote code execution vulnerability. According to the connected sources, the vulnerability affects Microsoft SharePoint Server with RCE potential impacting confidentiality, integrity, and availability (all High). The CVSS v3.1 score is 8...

8.8CVSS8.7AI score0.03031EPSS
Total number of security vulnerabilities211