Sharepoint Server@2019 Security Vulnerabilities and Issues — Sharepoint Server@2019 CVE List

CVE•added 2020/07/14 11:15 p.m.•1305 views

CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

7.8CVSS8.1AI score0.92815EPSS

CVE•added 2019/01/08 9:29 p.m.•1135 views

CVE-2019-0585

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsof...

9.3CVSS8.3AI score0.32912EPSS

CVE•added 2025/07/20 1:15 a.m.•613 views

CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.Microsoft is preparing and fully testing a comprehensive update to address this vulner...

9.8CVSS6.8AI score0.88053EPSS

CVE•added 2023/02/14 8:15 p.m.•609 views

CVE-2023-21716

Microsoft Word Remote Code Execution Vulnerability

9.8CVSS9.6AI score0.91148EPSS

CVE•added 2023/06/14 12:15 a.m.•583 views

CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability

9.8CVSS9.6AI score0.94356EPSS

CVE•added 2022/02/09 5:15 p.m.•579 views

CVE-2022-22005

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.08246EPSS

CVE•added 2020/07/14 11:15 p.m.•517 views

CVE-2020-1025

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.To exploit this vulnerability, an ...

9.8CVSS9.4AI score0.09917EPSS

CVE•added 2018/12/12 12:29 a.m.•484 views

CVE-2018-8628

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, ...

9.3CVSS6.1AI score0.35597EPSS

CVE•added 2023/09/12 5:15 p.m.•448 views

CVE-2023-36764

Microsoft SharePoint Server Elevation of Privilege Vulnerability

8.8CVSS8.5AI score0.01061EPSS

CVE•added 2020/03/12 4:15 p.m.•410 views

CVE-2020-0894

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0893.

5.4CVSS5.1AI score0.00898EPSS

CVE•added 2020/04/15 3:15 p.m.•409 views

CVE-2020-0929

CVE•added 2020/10/16 11:15 p.m.•381 views

CVE-2020-16952

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint s...

8.6CVSS8.1AI score0.77814EPSS

CVE•added 2023/05/09 6:15 p.m.•376 views

CVE-2023-24955

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS8.6AI score0.91994EPSS

CVE•added 2020/09/11 5:15 p.m.•361 views

CVE-2020-1210

9.9CVSS9.2AI score0.00946EPSS

CVE•added 2020/06/09 8:15 p.m.•335 views

CVE-2020-1181

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

8.8CVSS8.6AI score0.5074EPSS

CVE•added 2020/04/15 3:15 p.m.•307 views

CVE-2020-0932

CVE•added 2024/07/09 5:15 p.m.•283 views

CVE-2024-38094

Microsoft SharePoint Remote Code Execution Vulnerability

7.2CVSS7.5AI score0.81046EPSS

CVE•added 2019/07/15 7:15 p.m.•276 views

CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

7.5CVSS7.8AI score0.03045EPSS

CVE•added 2019/03/06 12:0 a.m.•272 views

CVE-2019-0594

8.8CVSS9.5AI score0.94411EPSS

CVE•added 2022/02/09 5:15 p.m.•259 views

CVE-2022-21968

Microsoft SharePoint Server Security Feature Bypass Vulnerability

4.3CVSS6.1AI score0.01755EPSS

CVE•added 2022/05/10 9:15 p.m.•257 views

CVE-2022-29108

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.03829EPSS

CVE•added 2025/02/11 6:15 p.m.•253 views

CVE-2025-21400

Microsoft SharePoint Server Remote Code Execution Vulnerability

8CVSS8AI score0.00342EPSS

CVE•added 2020/10/16 11:15 p.m.•245 views

CVE-2020-16951

8.6CVSS8.1AI score0.01431EPSS

CVE•added 2021/05/11 7:15 p.m.•242 views

CVE-2021-31181

Microsoft SharePoint Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.18584EPSS

CVE•added 2024/03/12 5:15 p.m.•237 views

CVE-2024-21426

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.0082EPSS

CVE•added 2025/07/08 5:15 p.m.•226 views

CVE-2025-49706

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS7.5AI score0.15821EPSS

CVE•added 2020/04/15 3:15 p.m.•222 views

CVE-2020-0931

CVE•added 2021/10/13 1:15 a.m.•206 views

CVE-2021-41344

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS7.8AI score0.06042EPSS

CVE•added 2025/07/20 11:15 p.m.•204 views

CVE-2025-53771

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS7.5AI score0.05797EPSS

CVE•added 2022/06/15 10:15 p.m.•201 views

CVE-2022-30172

Microsoft Office Information Disclosure Vulnerability

5.5CVSS6AI score0.04622EPSS

CVE•added 2023/01/10 10:15 p.m.•201 views

CVE-2023-21742

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.16313EPSS

CVE•added 2025/07/08 5:15 p.m.•199 views

CVE-2025-49704

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.8CVSS6.9AI score0.69726EPSS

CVE•added 2021/06/08 11:15 p.m.•193 views

CVE-2021-31950

Microsoft SharePoint Server Spoofing Vulnerability

8.1CVSS7.4AI score0.02015EPSS

CVE•added 2023/05/09 6:15 p.m.•192 views

CVE-2023-24954

Microsoft SharePoint Server Information Disclosure Vulnerability

6.5CVSS6.4AI score0.02411EPSS

CVE•added 2023/11/14 6:15 p.m.•191 views

CVE-2023-38177

Microsoft SharePoint Server Remote Code Execution Vulnerability

6.8CVSS6.7AI score0.0083EPSS

CVE•added 2023/01/10 10:15 p.m.•190 views

CVE-2023-21743

Microsoft SharePoint Server Security Feature Bypass Vulnerability

5.3CVSS6.4AI score0.02227EPSS

CVE•added 2021/10/13 1:15 a.m.•188 views

CVE-2021-40486

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.0342EPSS

CVE•added 2022/01/11 9:15 p.m.•185 views

CVE-2022-21837

Microsoft SharePoint Server Remote Code Execution Vulnerability

9CVSS8.6AI score0.09593EPSS

CVE•added 2020/04/15 3:15 p.m.•184 views

CVE-2020-0974

CVE•added 2020/07/14 11:15 p.m.•180 views

CVE-2020-1446

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.

8.8CVSS8.8AI score0.43263EPSS

CVE•added 2021/05/11 7:15 p.m.•176 views

CVE-2021-28474

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.14589EPSS