Sharepoint Server@2019 Security Vulnerabilities and Issues — Sharepoint Server@2019 CVE List

CVE•added 2020/07/14 11:15 p.m.•1303 views

CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

7.8CVSS8.1AI score0.92798EPSS

CVE•added 2019/01/08 9:29 p.m.•1134 views

CVE-2019-0585

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft SharePoint, Microsof...

9.3CVSS8.3AI score0.32912EPSS

CVE•added 2023/02/14 8:15 p.m.•606 views

CVE-2023-21716

Microsoft Word Remote Code Execution Vulnerability

9.8CVSS9.6AI score0.91148EPSS

CVE•added 2023/06/14 12:15 a.m.•581 views

CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability

9.8CVSS9.6AI score0.94356EPSS

CVE•added 2022/02/09 5:15 p.m.•578 views

CVE-2022-22005

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.08246EPSS

CVE•added 2025/07/20 1:15 a.m.•544 views

CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild.Microsoft is preparing and fully testing a comprehensive update to address this vulner...

9.8CVSS6.8AI score0.87158EPSS

CVE•added 2020/07/14 11:15 p.m.•515 views

CVE-2020-1025

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. An attacker who successfully exploited the vulnerability could bypass authentication and achieve improper access.To exploit this vulnerability, an ...

9.8CVSS9.4AI score0.09917EPSS

CVE•added 2018/12/12 12:29 a.m.•483 views

CVE-2018-8628

A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, ...

9.3CVSS6.1AI score0.35597EPSS

CVE•added 2023/09/12 5:15 p.m.•447 views

CVE-2023-36764

Microsoft SharePoint Server Elevation of Privilege Vulnerability

8.8CVSS8.5AI score0.01061EPSS

CVE•added 2020/03/12 4:15 p.m.•409 views

CVE-2020-0894

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-0893.

5.4CVSS5.1AI score0.00898EPSS

CVE•added 2020/04/15 3:15 p.m.•408 views

CVE-2020-0929

CVE•added 2020/10/16 11:15 p.m.•379 views

CVE-2020-16952

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint s...

8.6CVSS8.1AI score0.79878EPSS

CVE•added 2023/05/09 6:15 p.m.•375 views

CVE-2023-24955

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS8.6AI score0.9228EPSS

CVE•added 2020/09/11 5:15 p.m.•360 views

CVE-2020-1210

9.9CVSS9.2AI score0.00964EPSS

CVE•added 2020/06/09 8:15 p.m.•334 views

CVE-2020-1181

A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.

8.8CVSS8.6AI score0.5074EPSS

CVE•added 2020/04/15 3:15 p.m.•306 views

CVE-2020-0932

CVE•added 2019/07/15 7:15 p.m.•275 views

CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

7.5CVSS7.8AI score0.03045EPSS

CVE•added 2024/07/09 5:15 p.m.•273 views

CVE-2024-38094

Microsoft SharePoint Remote Code Execution Vulnerability

7.2CVSS7.5AI score0.81046EPSS

CVE•added 2019/03/06 12:0 a.m.•271 views

CVE-2019-0594

8.8CVSS9.5AI score0.94411EPSS

CVE•added 2022/02/09 5:15 p.m.•258 views

CVE-2022-21968

Microsoft SharePoint Server Security Feature Bypass Vulnerability

4.3CVSS6.1AI score0.01755EPSS

CVE•added 2022/05/10 9:15 p.m.•256 views

CVE-2022-29108

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.03829EPSS

CVE•added 2025/02/11 6:15 p.m.•252 views

CVE-2025-21400

Microsoft SharePoint Server Remote Code Execution Vulnerability

8CVSS8AI score0.00342EPSS

CVE•added 2020/10/16 11:15 p.m.•244 views

CVE-2020-16951

8.6CVSS8.1AI score0.01431EPSS

CVE•added 2021/05/11 7:15 p.m.•241 views

CVE-2021-31181

Microsoft SharePoint Remote Code Execution Vulnerability

8.8CVSS8.7AI score0.18584EPSS

CVE•added 2024/03/12 5:15 p.m.•235 views

CVE-2024-21426

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.0082EPSS

CVE•added 2020/04/15 3:15 p.m.•221 views

CVE-2020-0931

CVE•added 2025/07/08 5:15 p.m.•212 views

CVE-2025-49706

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS7.5AI score0.18077EPSS

CVE•added 2021/10/13 1:15 a.m.•205 views

CVE-2021-41344

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS7.8AI score0.06042EPSS

CVE•added 2022/06/15 10:15 p.m.•200 views

CVE-2022-30172

Microsoft Office Information Disclosure Vulnerability

5.5CVSS6AI score0.04622EPSS

CVE•added 2023/01/10 10:15 p.m.•199 views

CVE-2023-21742

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.16313EPSS

CVE•added 2021/06/08 11:15 p.m.•192 views

CVE-2021-31950

Microsoft SharePoint Server Spoofing Vulnerability

8.1CVSS7.4AI score0.02015EPSS

CVE•added 2023/05/09 6:15 p.m.•191 views

CVE-2023-24954

Microsoft SharePoint Server Information Disclosure Vulnerability

6.5CVSS6.4AI score0.02411EPSS

CVE•added 2023/11/14 6:15 p.m.•190 views

CVE-2023-38177

Microsoft SharePoint Server Remote Code Execution Vulnerability

6.8CVSS6.7AI score0.0083EPSS

CVE•added 2025/07/20 11:15 p.m.•190 views

CVE-2025-53771

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

6.5CVSS7.5AI score0.05808EPSS

CVE•added 2023/01/10 10:15 p.m.•189 views

CVE-2023-21743

Microsoft SharePoint Server Security Feature Bypass Vulnerability

5.3CVSS6.4AI score0.02227EPSS

CVE•added 2021/10/13 1:15 a.m.•187 views

CVE-2021-40486

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.0342EPSS

CVE•added 2025/07/08 5:15 p.m.•186 views

CVE-2025-49704

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

8.8CVSS6.9AI score0.65427EPSS

CVE•added 2022/01/11 9:15 p.m.•184 views

CVE-2022-21837

Microsoft SharePoint Server Remote Code Execution Vulnerability

9CVSS8.6AI score0.09593EPSS

CVE•added 2020/04/15 3:15 p.m.•183 views

CVE-2020-0974

CVE•added 2020/07/14 11:15 p.m.•179 views

CVE-2020-1446

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.

8.8CVSS8.8AI score0.43263EPSS

CVE•added 2021/05/11 7:15 p.m.•175 views

CVE-2021-28474

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8CVSS8.8AI score0.14589EPSS