Microsoft Office SharePoint Server 2007
by Microsoft
CVEs (134)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-21840 | Hig | 0.58 | 8.8 | 0.09 | Jan 11, 2022 | Microsoft Office Remote Code Execution Vulnerability | ||
| CVE-2022-41061 | Hig | 0.51 | 7.8 | 0.01 | Nov 9, 2022 | Microsoft Word Remote Code Execution Vulnerability | ||
| CVE-2022-41103 | Med | 0.36 | 5.5 | 0.02 | Nov 9, 2022 | Microsoft Word Information Disclosure Vulnerability | ||
| CVE-2022-41060 | Med | 0.36 | 5.5 | 0.02 | Nov 9, 2022 | Microsoft Word Information Disclosure Vulnerability | ||
| CVE-2023-29357 | 0.29 | — | 0.94 | KEV | Jun 13, 2023 | Microsoft SharePoint Server Elevation of Privilege Vulnerability | ||
| CVE-2025-53770 | 0.28 | — | 0.90 | KEV | Jul 20, 2025 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update… | ||
| CVE-2023-24955 | 0.28 | — | 0.92 | KEV | May 9, 2023 | Microsoft SharePoint Server Remote Code Execution Vulnerability | ||
| CVE-2025-49706 | 0.27 | — | 0.75 | KEV | Jul 8, 2025 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | ||
| CVE-2025-49704 | 0.26 | — | 0.60 | KEV | Jul 8, 2025 | Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | ||
| CVE-2024-38094 | 0.24 | — | 0.70 | KEV | Jul 9, 2024 | Microsoft SharePoint Remote Code Execution Vulnerability | ||
| CVE-2025-53771 | 0.07 | — | 0.45 | Jul 20, 2025 | Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2023-21716 | 0.07 | — | 0.91 | Feb 14, 2023 | Microsoft Word Remote Code Execution Vulnerability | |||
| CVE-2024-43464 | 0.05 | — | 0.64 | Sep 10, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2025-47166 | 0.04 | — | 0.11 | Jun 10, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2024-38018 | 0.04 | — | 0.50 | Sep 10, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2024-30043 | 0.04 | — | 0.54 | May 14, 2024 | Microsoft SharePoint Server Information Disclosure Vulnerability | |||
| CVE-2024-30044 | 0.04 | — | 0.48 | May 14, 2024 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2023-28288 | 0.04 | — | 0.09 | Apr 11, 2023 | Microsoft SharePoint Server Spoofing Vulnerability | |||
| CVE-2025-49712 | 0.03 | — | 0.33 | Aug 12, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2023-21744 | 0.03 | — | 0.37 | Jan 10, 2023 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
- risk 0.58cvss 8.8epss 0.09
Microsoft Office Remote Code Execution Vulnerability
- risk 0.51cvss 7.8epss 0.01
Microsoft Word Remote Code Execution Vulnerability
- risk 0.36cvss 5.5epss 0.02
Microsoft Word Information Disclosure Vulnerability
- risk 0.36cvss 5.5epss 0.02
Microsoft Word Information Disclosure Vulnerability
- risk 0.29cvss —epss 0.94
Microsoft SharePoint Server Elevation of Privilege Vulnerability
- risk 0.28cvss —epss 0.90
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update…
- risk 0.28cvss —epss 0.92
Microsoft SharePoint Server Remote Code Execution Vulnerability
- risk 0.27cvss —epss 0.75
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
- risk 0.26cvss —epss 0.60
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- risk 0.24cvss —epss 0.70
Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2025-53771Jul 20, 2025risk 0.07cvss —epss 0.45
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
- CVE-2023-21716Feb 14, 2023risk 0.07cvss —epss 0.91
Microsoft Word Remote Code Execution Vulnerability
- CVE-2024-43464Sep 10, 2024risk 0.05cvss —epss 0.64
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2025-47166Jun 10, 2025risk 0.04cvss —epss 0.11
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2024-38018Sep 10, 2024risk 0.04cvss —epss 0.50
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-30043May 14, 2024risk 0.04cvss —epss 0.54
Microsoft SharePoint Server Information Disclosure Vulnerability
- CVE-2024-30044May 14, 2024risk 0.04cvss —epss 0.48
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2023-28288Apr 11, 2023risk 0.04cvss —epss 0.09
Microsoft SharePoint Server Spoofing Vulnerability
- CVE-2025-49712Aug 12, 2025risk 0.03cvss —epss 0.33
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2023-21744Jan 10, 2023risk 0.03cvss —epss 0.37
Microsoft SharePoint Server Remote Code Execution Vulnerability
Page 1 of 7