Sharepoint Server
by Microsoft
CVEs (575)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-47638 | | Med | 0.30 | 4.6 | 0.01 | | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| CVE-2026-47637 | | Med | 0.30 | 4.6 | 0.01 | | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| CVE-2026-45479 | | Med | 0.30 | 4.6 | 0.01 | | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| CVE-2026-45468 | | Med | 0.30 | 4.6 | 0.01 | | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| CVE-2026-45467 | | Med | 0.30 | 4.6 | 0.01 | | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| CVE-2026-45462 | | Med | 0.30 | 4.6 | 0.01 | | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| CVE-2026-20945 | | Med | 0.30 | 4.6 | 0.25 | | Apr 14, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. |
| CVE-2023-29357 | | | 0.29 | — | 1.00 | KEV | Jun 13, 2023 | Microsoft SharePoint Server Elevation of Privilege Vulnerability |
| CVE-2019-0604 | | | 0.29 | — | 1.00 | KEV | Mar 6, 2019 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594. |
| CVE-2010-3243 | | Med | 0.29 | 4.3 | 0.16 | | Oct 13, 2010 | Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or… |
| CVE-2025-53770 | | | 0.28 | — | 1.00 | KEV | Jul 20, 2025 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update… |
| CVE-2023-24955 | | | 0.28 | — | 0.85 | KEV | May 9, 2023 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2025-49706 | | | 0.27 | — | 1.00 | KEV | Jul 8, 2025 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2025-49704 | | | 0.26 | — | 1.00 | KEV | Jul 8, 2025 | Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2024-38094 | | | 0.24 | — | 0.55 | KEV | Jul 9, 2024 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2020-1147 | | | 0.22 | — | 0.94 | KEV | Jul 14, 2020 | A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. |
| CVE-2026-45485 | | Low | 0.21 | 3.3 | 0.00 | | Jun 9, 2026 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. |
| CVE-2010-3964 | | | 0.11 | — | 0.94 | | Dec 16, 2010 | Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP… |
| CVE-2020-16952 | | | 0.09 | — | 0.71 | | Oct 16, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application… |
| CVE-2023-21716 | | | 0.07 | — | 0.82 | | Feb 14, 2023 | Microsoft Word Remote Code Execution Vulnerability |