Office SharePoint
by Microsoft
CVEs (192)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45481 | Hig | 0.47 | 7.3 | 0.01 | Jun 9, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||
| CVE-2025-53760 | Hig | 0.47 | 7.1 | 0.12 | Aug 12, 2025 | Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | ||
| CVE-2025-21348 | Hig | 0.47 | 7.2 | 0.02 | Jan 14, 2025 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2024-38228 | Hig | 0.47 | 7.2 | 0.04 | Sep 10, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2024-38227 | Hig | 0.47 | 7.2 | 0.08 | Sep 10, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2024-30043 | Med | 0.47 | 6.5 | 0.55 | May 14, 2024 | Microsoft SharePoint Server Information Disclosure Vulnerability | ||
| CVE-2026-20943 | Hig | 0.46 | 7.0 | 0.01 | Jan 13, 2026 | Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-62555 | Hig | 0.46 | 7.0 | 0.00 | Dec 9, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-59235 | Hig | 0.46 | 7.1 | 0.01 | Oct 14, 2025 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||
| CVE-2025-59232 | Hig | 0.46 | 7.1 | 0.00 | Oct 14, 2025 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||
| CVE-2025-59221 | Hig | 0.46 | 7.0 | 0.00 | Oct 14, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||
| CVE-2025-54905 | Hig | 0.46 | 7.1 | 0.01 | Sep 9, 2025 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||
| CVE-2025-30378 | Hig | 0.46 | 7.0 | 0.01 | May 13, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | ||
| CVE-2020-17089 | Hig | 0.46 | 7.1 | 0.03 | Dec 10, 2020 | Microsoft SharePoint Elevation of Privilege Vulnerability | ||
| CVE-2025-53736 | Med | 0.44 | 6.8 | 0.01 | Aug 12, 2025 | Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||
| CVE-2024-26251 | Med | 0.44 | 6.8 | 0.01 | Apr 9, 2024 | Microsoft SharePoint Server Spoofing Vulnerability | ||
| CVE-2024-49062 | Med | 0.43 | 6.5 | 0.03 | Dec 12, 2024 | Microsoft SharePoint Information Disclosure Vulnerability | ||
| CVE-2024-43466 | Med | 0.43 | 6.5 | 0.04 | Sep 10, 2024 | Microsoft SharePoint Server Denial of Service Vulnerability | ||
| CVE-2026-45454 | Med | 0.42 | 6.5 | 0.02 | Jun 9, 2026 | Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2024-49064 | Med | 0.42 | 6.5 | 0.03 | Dec 12, 2024 | Microsoft SharePoint Information Disclosure Vulnerability |
- risk 0.47cvss 7.3epss 0.01
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- risk 0.47cvss 7.1epss 0.12
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
- risk 0.47cvss 7.2epss 0.02
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.04
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.47cvss 7.2epss 0.08
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.47cvss 6.5epss 0.55
Microsoft SharePoint Server Information Disclosure Vulnerability
- risk 0.46cvss 7.0epss 0.01
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.1epss 0.01
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- risk 0.46cvss 7.1epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- risk 0.46cvss 7.0epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.1epss 0.01
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- risk 0.46cvss 7.0epss 0.01
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
- risk 0.46cvss 7.1epss 0.03
Microsoft SharePoint Elevation of Privilege Vulnerability
- risk 0.44cvss 6.8epss 0.01
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- risk 0.44cvss 6.8epss 0.01
Microsoft SharePoint Server Spoofing Vulnerability
- risk 0.43cvss 6.5epss 0.03
Microsoft SharePoint Information Disclosure Vulnerability
- risk 0.43cvss 6.5epss 0.04
Microsoft SharePoint Server Denial of Service Vulnerability
- risk 0.42cvss 6.5epss 0.02
Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.42cvss 6.5epss 0.03
Microsoft SharePoint Information Disclosure Vulnerability
Page 6 of 10