Sharepoint Server
by Microsoft
CVEs (575)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-59221 | 0.00 | — | 0.00 | Oct 14, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-59237 | 0.00 | — | 0.02 | Oct 14, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2025-59235 | 0.00 | — | 0.01 | Oct 14, 2025 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||
| CVE-2025-59228 | 0.00 | — | 0.01 | Oct 14, 2025 | Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2025-54906 | 0.00 | — | 0.01 | Sep 9, 2025 | Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-54905 | 0.00 | — | 0.01 | Sep 9, 2025 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||
| CVE-2025-53736 | 0.00 | — | 0.00 | Aug 12, 2025 | Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||
| CVE-2025-53733 | 0.00 | — | 0.00 | Aug 12, 2025 | Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-53760 | 0.00 | — | 0.11 | Aug 12, 2025 | Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2025-49703 | 0.00 | — | 0.01 | Jul 8, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-49701 | 0.00 | — | 0.01 | Jul 8, 2025 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2025-47172 | 0.00 | — | 0.02 | Jun 10, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2025-47169 | 0.00 | — | 0.01 | Jun 10, 2025 | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47168 | 0.00 | — | 0.01 | Jun 10, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-30384 | 0.00 | — | 0.01 | May 13, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-30382 | 0.00 | — | 0.02 | May 13, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-30378 | 0.00 | — | 0.01 | May 13, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-29976 | 0.00 | — | 0.01 | May 13, 2025 | Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-29820 | 0.00 | — | 0.01 | Apr 8, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-29794 | 0.00 | — | 0.05 | Apr 8, 2025 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
- CVE-2025-59221Oct 14, 2025risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-59237Oct 14, 2025risk 0.00cvss —epss 0.02
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-59235Oct 14, 2025risk 0.00cvss —epss 0.01
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- CVE-2025-59228Oct 14, 2025risk 0.00cvss —epss 0.01
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-54906Sep 9, 2025risk 0.00cvss —epss 0.01
Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2025-54905Sep 9, 2025risk 0.00cvss —epss 0.01
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- CVE-2025-53736Aug 12, 2025risk 0.00cvss —epss 0.00
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- CVE-2025-53733Aug 12, 2025risk 0.00cvss —epss 0.00
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-53760Aug 12, 2025risk 0.00cvss —epss 0.11
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
- CVE-2025-49703Jul 8, 2025risk 0.00cvss —epss 0.01
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-49701Jul 8, 2025risk 0.00cvss —epss 0.01
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-47172Jun 10, 2025risk 0.00cvss —epss 0.02
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-47169Jun 10, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-47168Jun 10, 2025risk 0.00cvss —epss 0.01
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-30384May 13, 2025risk 0.00cvss —epss 0.01
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
- CVE-2025-30382May 13, 2025risk 0.00cvss —epss 0.02
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
- CVE-2025-30378May 13, 2025risk 0.00cvss —epss 0.01
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
- CVE-2025-29976May 13, 2025risk 0.00cvss —epss 0.01
Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.
- CVE-2025-29820Apr 8, 2025risk 0.00cvss —epss 0.01
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-29794Apr 8, 2025risk 0.00cvss —epss 0.05
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Page 20 of 29