Sharepoint Server Security Vulnerabilities and Issues — Sharepoint Server CVE List

Lucene search

MicrosoftSharepoint Server

63 matches found

CVE•added 2020/07/14 11:15 p.m.•1274 views

CVE-2020-1147

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

7.8CVSS8.1AI score0.92846EPSS

CVE•added 2023/09/12 5:15 p.m.•537 views

CVE-2023-36762

Microsoft Word Remote Code Execution Vulnerability

7.3CVSS7.3AI score0.00128EPSS

CVE•added 2023/05/09 6:15 p.m.•349 views

CVE-2023-24955

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS8.6AI score0.92058EPSS

CVE•added 2019/07/15 7:15 p.m.•271 views

CVE-2019-1006

An authentication bypass vulnerability exists in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys, aka 'WCF/WIF SAML Token Authentication Bypass Vulnerability'.

7.5CVSS7.8AI score0.03045EPSS

CVE•added 2024/07/09 5:15 p.m.•246 views

CVE-2024-38094

Microsoft SharePoint Remote Code Execution Vulnerability

7.2CVSS7.5AI score0.84422EPSS

CVE•added 2024/03/12 5:15 p.m.•234 views

CVE-2024-21426

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.01233EPSS

CVE•added 2021/11/10 1:19 a.m.•191 views

CVE-2021-40442

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.6AI score0.03015EPSS

CVE•added 2021/10/13 1:15 a.m.•185 views

CVE-2021-40486

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.02746EPSS

CVE•added 2020/10/16 11:15 p.m.•176 views

CVE-2020-16929

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administ...

7.8CVSS7.9AI score0.11232EPSS

CVE•added 2023/07/11 6:15 p.m.•171 views

CVE-2023-33165

Microsoft SharePoint Server Security Feature Bypass Vulnerability

7.5CVSS5.7AI score0.01371EPSS

CVE•added 2021/08/12 6:15 p.m.•164 views

CVE-2021-36940

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS5.5AI score0.00973EPSS

CVE•added 2022/01/11 9:15 p.m.•148 views

CVE-2022-21842

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.01897EPSS

CVE•added 2021/04/13 8:15 p.m.•145 views

CVE-2021-28453

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.0241EPSS

CVE•added 2013/03/13 12:55 a.m.•138 views

CVE-2013-0084

Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."

7.5CVSS6.5AI score0.28777EPSS

CVE•added 2021/06/08 11:15 p.m.•138 views

CVE-2021-31966

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.2AI score0.13101EPSS

CVE•added 2021/05/11 7:15 p.m.•137 views

CVE-2021-26418

Microsoft SharePoint Server Spoofing Vulnerability

7.1CVSS5.2AI score0.00773EPSS

CVE•added 2021/05/11 7:15 p.m.•137 views

CVE-2021-31172

Microsoft SharePoint Server Spoofing Vulnerability

7.1CVSS6.8AI score0.04736EPSS

CVE•added 2020/09/11 5:15 p.m.•133 views

CVE-2020-1198

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint ...

7.4CVSS7AI score0.00518EPSS

CVE•added 2013/03/13 12:55 a.m.•130 views

CVE-2013-0080

Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."

7.5CVSS6.5AI score0.41937EPSS

CVE•added 2023/06/14 12:15 a.m.•130 views

CVE-2023-33130

Microsoft SharePoint Server Spoofing Vulnerability

7.3CVSS7.1AI score0.00408EPSS

CVE•added 2021/05/11 7:15 p.m.•125 views

CVE-2021-28478

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS7.1AI score0.02955EPSS

CVE•added 2024/05/14 5:17 p.m.•122 views

CVE-2024-30044

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7AI score0.47339EPSS

CVE•added 2024/05/14 5:17 p.m.•121 views

CVE-2024-30043

Microsoft SharePoint Server Information Disclosure Vulnerability

7.5CVSS6AI score0.44235EPSS

CVE•added 2022/11/09 10:15 p.m.•116 views

CVE-2022-41061

Microsoft Word Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00249EPSS

CVE•added 2021/10/13 1:15 a.m.•115 views

CVE-2021-40485

Microsoft Excel Remote Code Execution Vulnerability

7.8CVSS7.7AI score0.00865EPSS

CVE•added 2025/04/08 6:16 p.m.•115 views

CVE-2025-27747

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00079EPSS

CVE•added 2024/07/09 5:15 p.m.•112 views

CVE-2024-38023

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.3AI score0.65122EPSS

CVE•added 2025/01/14 6:16 p.m.•107 views

CVE-2025-21348

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.2AI score0.01265EPSS

CVE•added 2021/10/13 1:15 a.m.•106 views

CVE-2021-40482

Microsoft SharePoint Server Information Disclosure Vulnerability

7.5CVSS5.3AI score0.02662EPSS

CVE•added 2020/09/11 5:15 p.m.•105 views

CVE-2020-1345

7.4CVSS7.3AI score0.00536EPSS

CVE•added 2025/01/14 6:16 p.m.•105 views

CVE-2025-21344

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00371EPSS

CVE•added 2021/09/15 12:15 p.m.•103 views

CVE-2021-38652

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS5.2AI score0.01283EPSS

CVE•added 2025/04/08 6:16 p.m.•102 views

CVE-2025-29793

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

7.2CVSS7.4AI score0.02321EPSS

CVE•added 2024/06/11 5:15 p.m.•101 views

CVE-2024-30100

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.8CVSS7.8AI score0.00671EPSS

CVE•added 2021/09/15 12:15 p.m.•95 views

CVE-2021-38651

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS5.2AI score0.0108EPSS

CVE•added 2021/10/13 1:15 a.m.•95 views

CVE-2021-40483

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS5.4AI score0.06439EPSS

CVE•added 2024/07/09 5:15 p.m.•93 views

CVE-2024-32987

Microsoft SharePoint Server Information Disclosure Vulnerability

7.5CVSS7.2AI score0.16251EPSS

CVE•added 2024/07/09 5:15 p.m.•93 views

CVE-2024-38024

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.3AI score0.68797EPSS

CVE•added 2021/10/13 1:15 a.m.•86 views

CVE-2021-40484

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS5.4AI score0.06439EPSS

CVE•added 2025/04/08 6:16 p.m.•86 views

CVE-2025-29820

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00079EPSS

CVE•added 2025/04/08 6:15 p.m.•85 views

CVE-2025-26642

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.4AI score0.001EPSS

CVE•added 2016/12/20 6:59 a.m.•83 views

CVE-2016-7265

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive information from process me...

7.1CVSS6.7AI score0.11255EPSS

CVE•added 2016/12/20 6:59 a.m.•81 views

CVE-2016-7290

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (ou...

7.1CVSS6.5AI score0.09192EPSS

CVE•added 2021/12/15 3:15 p.m.•77 views

CVE-2021-43242

Microsoft SharePoint Server Spoofing Vulnerability

7.6CVSS6.4AI score0.00826EPSS

CVE•added 2016/12/20 6:59 a.m.•76 views

CVE-2016-7291

7.1CVSS6.5AI score0.09192EPSS

CVE•added 2024/09/10 5:15 p.m.•75 views

CVE-2024-43464

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.8AI score0.66597EPSS

CVE•added 2016/12/20 6:59 a.m.•73 views

CVE-2016-7268

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a denial o...

7.1CVSS6.7AI score0.09192EPSS

CVE•added 2021/12/15 3:15 p.m.•73 views

CVE-2021-42294

Microsoft SharePoint Server Remote Code Execution Vulnerability

7.2CVSS7.8AI score0.00685EPSS

CVE•added 2025/04/08 6:16 p.m.•71 views

CVE-2025-27746

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

7.8CVSS7.8AI score0.00079EPSS

CVE•added 2010/12/16 7:33 p.m.•70 views

CVE-2010-3964

Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Mal...

7.5CVSS7.7AI score0.90105EPSS

Total number of security vulnerabilities63