Sharepoint Server Security Vulnerabilities and Issues — Sharepoint Server CVE List

Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."

6.8CVSS6.7AI score0.16358EPSS

CVE•added 2023/06/14 12:15 a.m.•130 views

CVE-2023-33129

Microsoft SharePoint Server Denial of Service Vulnerability

6.5CVSS6.6AI score0.03642EPSS

CVE•added 2022/11/09 10:15 p.m.•129 views

CVE-2022-41122

Microsoft SharePoint Server Spoofing Vulnerability

6.5CVSS6.2AI score0.02926EPSS

CVE•added 2023/06/14 12:15 a.m.•121 views

CVE-2023-33132

Microsoft SharePoint Server Spoofing Vulnerability

6.3CVSS6.4AI score0.00281EPSS

CVE•added 2020/10/16 11:15 p.m.•119 views

CVE-2020-16953

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.To exploit the vulnerability, an attacker would have...

6.5CVSS6.8AI score0.14182EPSS

CVE•added 2023/06/14 12:15 a.m.•119 views

CVE-2023-33142

Microsoft SharePoint Server Elevation of Privilege Vulnerability

6.5CVSS6.6AI score0.01717EPSS

CVE•added 2020/12/10 12:15 a.m.•117 views

CVE-2020-17120

Microsoft SharePoint Information Disclosure Vulnerability

6.5CVSS5.7AI score0.07631EPSS

CVE•added 2021/06/08 11:15 p.m.•114 views

CVE-2021-31965

Microsoft SharePoint Server Information Disclosure Vulnerability

6.5CVSS5.4AI score0.04093EPSS

CVE•added 2020/10/16 11:15 p.m.•113 views

CVE-2020-16948

6.5CVSS6.8AI score0.15076EPSS

CVE•added 2021/04/13 8:15 p.m.•106 views

CVE-2021-28450

Microsoft SharePoint Denial of Service Vulnerability

6.5CVSS5.9AI score0.0103EPSS

CVE•added 2023/08/08 6:15 p.m.•106 views

CVE-2023-36890

Microsoft SharePoint Server Information Disclosure Vulnerability

6.5CVSS6.3AI score0.02215EPSS

CVE•added 2023/08/08 6:15 p.m.•105 views

CVE-2023-36894

Microsoft SharePoint Server Information Disclosure Vulnerability

6.5CVSS6.3AI score0.01359EPSS

CVE•added 2020/11/11 7:15 a.m.•102 views

CVE-2020-17017

Microsoft SharePoint Information Disclosure Vulnerability

6.8CVSS6.4AI score0.04048EPSS

CVE•added 2019/09/11 10:15 p.m.•101 views

CVE-2019-1260

An elevation of privilege vulnerability exists in Microsoft SharePoint, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'.

6.5CVSS7.2AI score0.11221EPSS

CVE•added 2024/12/12 2:4 a.m.•98 views

CVE-2024-49062

Microsoft SharePoint Information Disclosure Vulnerability

6.5CVSS6.1AI score0.01162EPSS

CVE•added 2020/11/11 7:15 a.m.•94 views

CVE-2020-16979

Microsoft SharePoint Information Disclosure Vulnerability

6.5CVSS5.2AI score0.04048EPSS

CVE•added 2020/06/09 8:15 p.m.•93 views

CVE-2020-1323

An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'.

6.1CVSS6.5AI score0.014EPSS

CVE•added 2020/09/11 5:15 p.m.•93 views

CVE-2020-1440

A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnerability could modify a targeted user's profile data.To exploit the vulnerability, an attacker would need to be authenticated on an affected Shar...

6.3CVSS7.2AI score0.01697EPSS

CVE•added 2020/11/11 7:15 a.m.•93 views

CVE-2020-17015

Microsoft SharePoint Server Spoofing Vulnerability

6.5CVSS4.8AI score0.02613EPSS

CVE•added 2020/05/21 11:15 p.m.•91 views

CVE-2020-1103

An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF).When users are simultaneously logged in to Microsoft SharePoint Server and visit a mal...

6.5CVSS6.4AI score0.08862EPSS

CVE•added 2021/03/11 4:15 p.m.•90 views

CVE-2021-27052

Microsoft SharePoint Server Information Disclosure Vulnerability

6.5CVSS5.3AI score0.08862EPSS

CVE•added 2021/02/25 11:15 p.m.•86 views

CVE-2021-24071

Microsoft SharePoint Information Disclosure Vulnerability

6.5CVSS5.7AI score0.08862EPSS

CVE•added 2020/05/21 11:15 p.m.•84 views

CVE-2020-1106

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101...

6.1CVSS5.1AI score0.01851EPSS

CVE•added 2019/11/12 7:15 p.m.•83 views

CVE-2019-1443

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The secu...

6.5CVSS5.8AI score0.15084EPSS

CVE•added 2020/09/11 5:15 p.m.•83 views

CVE-2020-1482

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

6.3CVSS6.7AI score0.00438EPSS

CVE•added 2016/11/10 6:59 a.m.•81 views

CVE-2016-7233

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or ...

6.5CVSS6.3AI score0.13703EPSS

CVE•added 2025/01/14 6:16 p.m.•78 views

CVE-2025-21393

Microsoft SharePoint Server Spoofing Vulnerability

6.3CVSS6.2AI score0.00127EPSS

CVE•added 2018/05/09 7:29 p.m.•72 views

CVE-2018-8160

An information disclosure vulnerability exists in Outlook when a message is opened, aka "Microsoft Outlook Information Disclosure Vulnerability." This affects Word, Microsoft Office.

6.5CVSS6.1AI score0.24705EPSS

CVE•added 2013/12/11 12:55 a.m.•65 views

CVE-2013-5059

Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabilities."

6.8CVSS7.6AI score0.11014EPSS

CVE•added 2016/01/13 5:59 a.m.•63 views

CVE-2015-6117

Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature Bypass," a different vulne...

6.1CVSS5.3AI score0.01683EPSS

CVE•added 2012/07/10 9:55 p.m.•60 views

CVE-2012-1862

Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."

6.8CVSS6.5AI score0.11814EPSS

CVE•added 2024/12/12 2:4 a.m.•57 views

CVE-2024-49064

Microsoft SharePoint Information Disclosure Vulnerability

6.5CVSS6.1AI score0.00544EPSS

CVE•added 2015/05/13 10:59 a.m.•52 views

CVE-2015-1700

Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."

6CVSS7.3AI score0.24037EPSS

CVE•added 2025/08/12 6:15 p.m.•16 views

CVE-2025-53736

Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.

6.8CVSS6.7AI score0.00051EPSS