283 matches found
CVE-2022-41061
Microsoft Word Remote Code Execution Vulnerability
CVE-2020-0954
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925...
CVE-2020-17120
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2025-27747
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2020-0930
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925...
CVE-2020-1342
An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1445.
CVE-2021-31965
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2024-38023
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2020-16948
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.</p><p>To exploit the vulnerability, an attacker ...
CVE-2020-17089
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2021-24066
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2020-0892
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.
CVE-2020-1177
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1183, CVE-2020-1297, CVE-2020-1298...
CVE-2020-1503
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory. An attacker who exploited the vulnerability could use the information to compromise the user’s computer or data.To exploit the vulnerability, an attacker could craft a special documen...
CVE-2021-1716
Microsoft Word Remote Code Execution Vulnerability
CVE-2023-36891
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2025-29794
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2019-1261
A spoofing vulnerability exists in Microsoft SharePoint when it improperly handles requests to authorize applications, resulting in cross-site request forgery (CSRF).To exploit this vulnerability, an attacker would need to create a page specifically designed to cause a cross-site request, aka 'Micr...
CVE-2020-16946
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoi...
CVE-2022-30171
Microsoft Office Information Disclosure Vulnerability
CVE-2021-42309
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21348
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-53770
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.Microsoft is preparing and fully testing a comprehensive update to address this vulner...
CVE-2020-0926
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0923, CVE-2020-0924, CVE-2020-0925...
CVE-2020-16941
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages. An attacker who took advantage of this information disclosure could view the folder path of scripts loaded on the page.</p><p>To take advan...
CVE-2021-1726
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2021-40482
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2020-1345
<p>A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoi...
CVE-2020-1444
A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.
CVE-2021-24072
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2021-28450
Microsoft SharePoint Denial of Service Vulnerability
CVE-2021-31171
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2021-31964
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-33157
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2023-36890
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2025-21344
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2019-1203
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...
CVE-2020-1439
A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.
CVE-2023-36894
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2020-0923
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0924, CVE-2020-0925, CVE-2020-0926...
CVE-2023-33160
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2020-1218
<p>A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could use a specially crafted file to perform actions in the security context of the current user. For example, the...
CVE-2020-1447
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1448.
CVE-2021-31948
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2022-41103
Microsoft Word Information Disclosure Vulnerability
CVE-2025-29793
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2020-17017
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2024-30100
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2019-1260
An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.
CVE-2020-1335
<p>A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with admin...