VYPR

Sharepoint Server

by Microsoft

CVEs (575)

  • CVE-2026-47638MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-47637MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-45479MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-45468MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-45467MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-45462MedJun 9, 2026
    risk 0.30cvss 4.6epss 0.01

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2026-20945MedApr 14, 2026
    risk 0.30cvss 4.6epss 0.25

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

  • CVE-2023-29357KEVJun 13, 2023
    risk 0.29cvss epss 1.00

    Microsoft SharePoint Server Elevation of Privilege Vulnerability

  • CVE-2019-0604KEVMar 6, 2019
    risk 0.29cvss epss 1.00

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.

  • CVE-2010-3243MedOct 13, 2010
    risk 0.29cvss 4.3epss 0.16

    Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or…

  • CVE-2025-53770KEVJul 20, 2025
    risk 0.28cvss epss 1.00

    Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update…

  • CVE-2023-24955KEVMay 9, 2023
    risk 0.28cvss epss 0.85

    Microsoft SharePoint Server Remote Code Execution Vulnerability

  • CVE-2025-49706KEVJul 8, 2025
    risk 0.27cvss epss 1.00

    Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

  • CVE-2025-49704KEVJul 8, 2025
    risk 0.26cvss epss 1.00

    Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

  • CVE-2024-38094KEVJul 9, 2024
    risk 0.24cvss epss 0.55

    Microsoft SharePoint Remote Code Execution Vulnerability

  • CVE-2020-1147KEVJul 14, 2020
    risk 0.22cvss epss 0.94

    A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

  • CVE-2026-45485LowJun 9, 2026
    risk 0.21cvss 3.3epss 0.00

    Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.

  • CVE-2010-3964Dec 16, 2010
    risk 0.11cvss epss 0.94

    Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP…

  • CVE-2020-16952Oct 16, 2020
    risk 0.09cvss epss 0.71

    A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application…

  • CVE-2023-21716Feb 14, 2023
    risk 0.07cvss epss 0.82

    Microsoft Word Remote Code Execution Vulnerability

Page 7 of 29