Office SharePoint
by Microsoft
CVEs (192)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-20959 | Med | 0.30 | 4.6 | 0.07 | Jan 13, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2023-33165 | Med | 0.28 | 4.3 | 0.01 | Jul 11, 2023 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | ||
| CVE-2022-21968 | Med | 0.28 | 4.3 | 0.02 | Feb 9, 2022 | Microsoft SharePoint Server Security Feature Bypass Vulnerability | ||
| CVE-2018-8580 | Med | 0.28 | 4.3 | 0.04 | Dec 12, 2018 | An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability."… | ||
| CVE-2018-8578 | Med | 0.28 | 4.3 | 0.05 | Nov 14, 2018 | An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint. | ||
| CVE-2023-23395 | Low | 0.20 | 3.1 | 0.01 | Mar 14, 2023 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2026-26106 | 0.00 | — | 0.01 | Mar 10, 2026 | Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-26114 | 0.00 | — | 0.02 | Mar 10, 2026 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-26113 | 0.00 | — | 0.01 | Mar 10, 2026 | Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-26105 | 0.00 | — | 0.01 | Mar 10, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-21511 | 0.00 | — | 0.04 | Feb 10, 2026 | Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-21260 | 0.00 | — | 0.01 | Feb 10, 2026 | Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. |
- risk 0.30cvss 4.6epss 0.07
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.28cvss 4.3epss 0.01
Microsoft SharePoint Server Security Feature Bypass Vulnerability
- risk 0.28cvss 4.3epss 0.02
Microsoft SharePoint Server Security Feature Bypass Vulnerability
- risk 0.28cvss 4.3epss 0.04
An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF), aka "Microsoft SharePoint Information Disclosure Vulnerability."…
- risk 0.28cvss 4.3epss 0.05
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint.
- risk 0.20cvss 3.1epss 0.01
Microsoft SharePoint Server Spoofing Vulnerability
- CVE-2026-26106Mar 10, 2026risk 0.00cvss —epss 0.01
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2026-26114Mar 10, 2026risk 0.00cvss —epss 0.02
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2026-26113Mar 10, 2026risk 0.00cvss —epss 0.01
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2026-26105Mar 10, 2026risk 0.00cvss —epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-21511Feb 10, 2026risk 0.00cvss —epss 0.04
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-21260Feb 10, 2026risk 0.00cvss —epss 0.01
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
Page 10 of 10