Office SharePoint
by Microsoft
CVEs (192)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49712 | Hig | 0.59 | 8.8 | 0.18 | Aug 12, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2022-22005 | Hig | 0.59 | 8.8 | 0.17 | Feb 9, 2022 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2019-0585 | Hig | 0.59 | 8.8 | 0.21 | Jan 8, 2019 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft… | ||
| CVE-2018-1028 | Hig | 0.59 | 8.8 | 0.19 | Apr 12, 2018 | A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft… | ||
| CVE-2025-47163 | Hig | 0.58 | 8.8 | 0.12 | Jun 10, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2025-29794 | Hig | 0.58 | 8.8 | 0.05 | Apr 8, 2025 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2023-33160 | Hig | 0.58 | 8.8 | 0.04 | Jul 11, 2023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2022-30157 | Hig | 0.58 | 8.8 | 0.07 | Jun 15, 2022 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2022-29108 | Hig | 0.58 | 8.8 | 0.12 | May 10, 2022 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2018-8635 | Hig | 0.58 | 8.8 | 0.06 | Dec 12, 2018 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka "Microsoft SharePoint Server Elevation of Privilege Vulnerability." This affects Microsoft… | ||
| CVE-2018-8300 | Hig | 0.58 | 8.8 | 0.13 | Jul 11, 2018 | A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint. | ||
| CVE-2026-40365 | Hig | 0.57 | 8.8 | 0.01 | May 12, 2026 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2025-64672 | Hig | 0.57 | 8.8 | 0.01 | Dec 9, 2025 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2025-59237 | Hig | 0.57 | 8.8 | 0.02 | Oct 14, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2025-59228 | Hig | 0.57 | 8.8 | 0.01 | Oct 14, 2025 | Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2025-49701 | Hig | 0.57 | 8.8 | 0.01 | Jul 8, 2025 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2025-47172 | Hig | 0.57 | 8.8 | 0.02 | Jun 10, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2023-36764 | Hig | 0.57 | 8.8 | 0.02 | Sep 12, 2023 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | ||
| CVE-2023-33159 | Hig | 0.57 | 8.8 | 0.01 | Jul 11, 2023 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2023-33134 | Hig | 0.57 | 8.8 | 0.03 | Jul 11, 2023 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
- risk 0.59cvss 8.8epss 0.18
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.59cvss 8.8epss 0.17
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.59cvss 8.8epss 0.21
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft Office Word Viewer, Office 365 ProPlus, Microsoft…
- risk 0.59cvss 8.8epss 0.19
A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft…
- risk 0.58cvss 8.8epss 0.12
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.58cvss 8.8epss 0.05
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.58cvss 8.8epss 0.04
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.58cvss 8.8epss 0.07
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.58cvss 8.8epss 0.12
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.58cvss 8.8epss 0.06
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted authentication request to an affected SharePoint server, aka "Microsoft SharePoint Server Elevation of Privilege Vulnerability." This affects Microsoft…
- risk 0.58cvss 8.8epss 0.13
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka "Microsoft SharePoint Remote Code Execution Vulnerability." This affects Microsoft SharePoint.
- risk 0.57cvss 8.8epss 0.01
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.57cvss 8.8epss 0.02
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.01
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.02
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.57cvss 8.8epss 0.02
Microsoft SharePoint Server Elevation of Privilege Vulnerability
- risk 0.57cvss 8.8epss 0.01
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.57cvss 8.8epss 0.03
Microsoft SharePoint Server Remote Code Execution Vulnerability
Page 2 of 10