SharePoint Server
by Microsoft
CVEs (575)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2025-53771 | 0.06 | — | 1.00 | Jul 20, 2025 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. |
| CVE-2021-31181 | 0.06 | — | 0.30 | May 11, 2021 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2015-2468 | 0.06 | — | 0.43 | Aug 15, 2015 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office… |
| CVE-2013-0081 | 0.06 | — | 0.77 | Sep 11, 2013 | Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 do not properly process unassigned workflows, which allows remote attackers to cause a denial of service (W3WP process hang) via a crafted URL, aka "SharePoint Denial of… |
| CVE-2011-1892 | 0.06 | — | 0.38 | Sep 15, 2011 | Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove… |
| CVE-2009-3830 | 0.06 | — | 0.33 | Oct 30, 2009 | The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx. |
| CVE-2007-2581 | 0.06 | — | 0.36 | May 9, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as… |
| CVE-2024-43464 | 0.05 | — | 0.36 | Sep 10, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2024-30043 | 0.05 | — | 0.55 | May 14, 2024 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| CVE-2015-0064 | 0.05 | — | 0.30 | Feb 11, 2015 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory… |
| CVE-2013-3180 | 0.05 | — | 0.66 | Sep 11, 2013 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability." |
| CVE-2010-3324 | 0.05 | — | 0.25 | Sep 17, 2010 | The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the… |
| CVE-2010-0817 | 0.05 | — | 0.29 | Apr 29, 2010 | Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter. |
| CVE-2025-47166 | 0.04 | — | 0.13 | Jun 10, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2024-38018 | 0.04 | — | 0.51 | Sep 10, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2023-28288 | 0.04 | — | 0.06 | Apr 11, 2023 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2020-1447 | 0.04 | — | 0.11 | Jul 14, 2020 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1448. |
| CVE-2020-1181 | 0.04 | — | 0.69 | Jun 9, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'. |
| CVE-2013-3179 | 0.04 | — | 0.14 | Sep 11, 2013 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability." |
| CVE-2008-4032 | 0.04 | — | 0.48 | Dec 10, 2008 | Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information,… |
Page 8 of 29