VYPR

Sharepoint Server

by Microsoft

CVEs (575)

  • CVE-2022-41061HigNov 9, 2022
    risk 0.51cvss 7.8epss 0.01

    Microsoft Word Remote Code Execution Vulnerability

  • CVE-2016-0025HigJun 16, 2016
    risk 0.49cvss 7.3epss 0.17

    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint…

  • CVE-2016-7291HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.23

    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a…

  • CVE-2016-7290HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.23

    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory or cause a…

  • CVE-2016-7268HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.23

    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word for Mac 2011, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from process memory…

  • CVE-2016-7265HigDec 20, 2016
    risk 0.48cvss 7.1epss 0.23

    Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to obtain sensitive…

  • CVE-2026-47634HigJun 9, 2026
    risk 0.47cvss 7.3epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-45481HigJun 9, 2026
    risk 0.47cvss 7.3epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2016-7233MedNov 10, 2016
    risk 0.44cvss 6.5epss 0.22

    Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information…

  • CVE-2026-45454MedJun 9, 2026
    risk 0.42cvss 6.5epss 0.02

    Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2011-1252MedJun 16, 2011
    risk 0.41cvss 6.1epss 0.14

    Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2,…

  • CVE-2017-0107MedMar 17, 2017
    risk 0.40cvss 6.1epss 0.07

    Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability."

  • CVE-2015-6117MedJan 13, 2016
    risk 0.40cvss 6.1epss 0.07

    Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature…

  • CVE-2017-0105MedMar 17, 2017
    risk 0.38cvss 5.5epss 0.30

    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to obtain sensitive information from out-of-bound memory via a…

  • CVE-2016-3234MedJun 16, 2016
    risk 0.38cvss 5.5epss 0.26

    Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1…

  • CVE-2016-3279MedJul 13, 2016
    risk 0.37cvss 5.5epss 0.16

    Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and…

  • CVE-2026-44821MedJun 9, 2026
    risk 0.36cvss 5.5epss 0.00

    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

  • CVE-2022-41103MedNov 9, 2022
    risk 0.36cvss 5.5epss 0.01

    Microsoft Word Information Disclosure Vulnerability

  • CVE-2022-41060MedNov 9, 2022
    risk 0.36cvss 5.5epss 0.01

    Microsoft Word Information Disclosure Vulnerability

  • CVE-2018-8378MedAug 15, 2018
    risk 0.36cvss 5.5epss 0.07

    An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Word, Microsoft…

Page 4 of 29