Sharepoint Server
by Microsoft
CVEs (575)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-1888 | 0.04 | — | 0.08 | Apr 18, 2008 | Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor. | |||
| CVE-2025-54897 | 0.03 | — | 0.18 | Sep 9, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2025-49712 | 0.03 | — | 0.17 | Aug 12, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2023-21744 | 0.03 | — | 0.03 | Jan 10, 2023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2022-37961 | 0.03 | — | 0.50 | Sep 13, 2022 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2022-35823 | 0.03 | — | 0.53 | Sep 13, 2022 | Microsoft SharePoint Remote Code Execution Vulnerability | |||
| CVE-2021-31950 | 0.03 | — | 0.05 | Jun 8, 2021 | Microsoft SharePoint Server Spoofing Vulnerability | |||
| CVE-2020-1448 | 0.03 | — | 0.10 | Jul 14, 2020 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447. | |||
| CVE-2020-1446 | 0.03 | — | 0.11 | Jul 14, 2020 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448. | |||
| CVE-2020-1102 | 0.03 | — | 0.15 | May 21, 2020 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024. | |||
| CVE-2020-0980 | 0.03 | — | 0.12 | Apr 15, 2020 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. | |||
| CVE-2020-0892 | 0.03 | — | 0.12 | Mar 12, 2020 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855. | |||
| CVE-2020-0852 | 0.03 | — | 0.12 | Mar 12, 2020 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0855, CVE-2020-0892. | |||
| CVE-2020-0850 | 0.03 | — | 0.09 | Mar 12, 2020 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892. | |||
| CVE-2019-1331 | 0.03 | — | 0.18 | Oct 10, 2019 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327. | |||
| CVE-2019-1296 | 0.03 | — | 0.08 | Sep 11, 2019 | A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295. | |||
| CVE-2019-1295 | 0.03 | — | 0.08 | Sep 11, 2019 | A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296. | |||
| CVE-2019-1262 | 0.03 | — | 0.03 | Sep 11, 2019 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | |||
| CVE-2019-0952 | 0.03 | — | 0.10 | May 16, 2019 | A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'. | |||
| CVE-2018-8539 | 0.03 | — | 0.19 | Nov 14, 2018 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from… |
- CVE-2008-1888Apr 18, 2008risk 0.04cvss —epss 0.08
Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
- CVE-2025-54897Sep 9, 2025risk 0.03cvss —epss 0.18
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-49712Aug 12, 2025risk 0.03cvss —epss 0.17
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2023-21744Jan 10, 2023risk 0.03cvss —epss 0.03
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2022-37961Sep 13, 2022risk 0.03cvss —epss 0.50
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2022-35823Sep 13, 2022risk 0.03cvss —epss 0.53
Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2021-31950Jun 8, 2021risk 0.03cvss —epss 0.05
Microsoft SharePoint Server Spoofing Vulnerability
- CVE-2020-1448Jul 14, 2020risk 0.03cvss —epss 0.10
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1446, CVE-2020-1447.
- CVE-2020-1446Jul 14, 2020risk 0.03cvss —epss 0.11
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1447, CVE-2020-1448.
- CVE-2020-1102May 21, 2020risk 0.03cvss —epss 0.15
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024.
- CVE-2020-0980Apr 15, 2020risk 0.03cvss —epss 0.12
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.
- CVE-2020-0892Mar 12, 2020risk 0.03cvss —epss 0.12
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0855.
- CVE-2020-0852Mar 12, 2020risk 0.03cvss —epss 0.12
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0855, CVE-2020-0892.
- CVE-2020-0850Mar 12, 2020risk 0.03cvss —epss 0.09
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0851, CVE-2020-0852, CVE-2020-0855, CVE-2020-0892.
- CVE-2019-1331Oct 10, 2019risk 0.03cvss —epss 0.18
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1327.
- CVE-2019-1296Sep 11, 2019risk 0.03cvss —epss 0.08
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1295.
- CVE-2019-1295Sep 11, 2019risk 0.03cvss —epss 0.08
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1257, CVE-2019-1296.
- CVE-2019-1262Sep 11, 2019risk 0.03cvss —epss 0.03
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
- CVE-2019-0952May 16, 2019risk 0.03cvss —epss 0.10
A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'.
- CVE-2018-8539Nov 14, 2018risk 0.03cvss —epss 0.19
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft SharePoint Server, Microsoft Office. This CVE ID is unique from…
Page 9 of 29