Office SharePoint
by Microsoft
CVEs (192)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-53770 | Cri | 0.93 | 9.8 | 1.00 | KEV | Jul 20, 2025 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update… | |
| CVE-2023-29357 | Cri | 0.93 | 9.8 | 1.00 | KEV | Jun 14, 2023 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | |
| CVE-2025-49704 | Hig | 0.86 | 8.8 | 1.00 | KEV | Jul 8, 2025 | Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |
| CVE-2026-20963 | Cri | 0.78 | 9.8 | 0.29 | KEV | Jan 13, 2026 | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network. | |
| CVE-2023-24955 | Hig | 0.75 | 7.2 | 0.85 | KEV | May 9, 2023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |
| CVE-2025-49706 | Med | 0.71 | 6.5 | 1.00 | KEV | Jul 8, 2025 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | |
| CVE-2023-21716 | Cri | 0.70 | 9.8 | 0.82 | Feb 14, 2023 | Microsoft Word Remote Code Execution Vulnerability | ||
| CVE-2024-38094 | Hig | 0.69 | 7.2 | 0.48 | KEV | Jul 9, 2024 | Microsoft SharePoint Remote Code Execution Vulnerability | |
| CVE-2025-59245 | Cri | 0.64 | 9.8 | 0.01 | Nov 20, 2025 | Microsoft SharePoint Online Elevation of Privilege Vulnerability | ||
| CVE-2022-44690 | Hig | 0.64 | 8.8 | 0.82 | Dec 13, 2022 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2022-38053 | Hig | 0.63 | 8.8 | 0.76 | Oct 11, 2022 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2023-21742 | Hig | 0.62 | 8.8 | 0.56 | Jan 10, 2023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2025-47166 | Hig | 0.61 | 8.8 | 0.13 | Jun 10, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2024-38018 | Hig | 0.61 | 8.8 | 0.51 | Sep 10, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2023-33157 | Hig | 0.61 | 8.8 | 0.41 | Jul 11, 2023 | Microsoft SharePoint Remote Code Execution Vulnerability | ||
| CVE-2022-37961 | Hig | 0.61 | 8.8 | 0.50 | Sep 13, 2022 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2022-35823 | Hig | 0.61 | 8.8 | 0.53 | Sep 13, 2022 | Microsoft SharePoint Remote Code Execution Vulnerability | ||
| CVE-2024-21318 | Hig | 0.60 | 8.8 | 0.31 | Jan 9, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2026-20947 | Hig | 0.59 | 8.8 | 0.18 | Jan 13, 2026 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2025-54897 | Hig | 0.59 | 8.8 | 0.18 | Sep 9, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
- risk 0.93cvss 9.8epss 1.00
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update…
- risk 0.93cvss 9.8epss 1.00
Microsoft SharePoint Server Elevation of Privilege Vulnerability
- risk 0.86cvss 8.8epss 1.00
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.78cvss 9.8epss 0.29
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.
- risk 0.75cvss 7.2epss 0.85
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.71cvss 6.5epss 1.00
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
- risk 0.70cvss 9.8epss 0.82
Microsoft Word Remote Code Execution Vulnerability
- risk 0.69cvss 7.2epss 0.48
Microsoft SharePoint Remote Code Execution Vulnerability
- risk 0.64cvss 9.8epss 0.01
Microsoft SharePoint Online Elevation of Privilege Vulnerability
- risk 0.64cvss 8.8epss 0.82
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.63cvss 8.8epss 0.76
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.62cvss 8.8epss 0.56
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.61cvss 8.8epss 0.13
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.61cvss 8.8epss 0.51
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.61cvss 8.8epss 0.41
Microsoft SharePoint Remote Code Execution Vulnerability
- risk 0.61cvss 8.8epss 0.50
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.61cvss 8.8epss 0.53
Microsoft SharePoint Remote Code Execution Vulnerability
- risk 0.60cvss 8.8epss 0.31
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.59cvss 8.8epss 0.18
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.59cvss 8.8epss 0.18
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Page 1 of 10