Microsoft Office SharePoint Server 2007
by Microsoft
CVEs (134)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21511 | 0.00 | — | 0.00 | Feb 10, 2026 | Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-21260 | 0.00 | — | 0.00 | Feb 10, 2026 | Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-20958 | 0.00 | — | 0.00 | Jan 13, 2026 | Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network. | |||
| CVE-2026-20948 | 0.00 | — | 0.00 | Jan 13, 2026 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20947 | 0.00 | — | 0.01 | Jan 13, 2026 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2026-20959 | 0.00 | — | 0.00 | Jan 13, 2026 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | |||
| CVE-2026-20951 | 0.00 | — | 0.00 | Jan 13, 2026 | Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | |||
| CVE-2026-20943 | 0.00 | — | 0.00 | Jan 13, 2026 | Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-62559 | 0.00 | — | 0.00 | Dec 9, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-62558 | 0.00 | — | 0.00 | Dec 9, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-62555 | 0.00 | — | 0.00 | Dec 9, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-62562 | 0.00 | — | 0.00 | Dec 9, 2025 | Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-62204 | 0.00 | — | 0.02 | Nov 11, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2025-59232 | 0.00 | — | 0.00 | Oct 14, 2025 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||
| CVE-2025-59222 | 0.00 | — | 0.00 | Oct 14, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-59221 | 0.00 | — | 0.00 | Oct 14, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-59237 | 0.00 | — | 0.04 | Oct 14, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2025-59235 | 0.00 | — | 0.00 | Oct 14, 2025 | Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | |||
| CVE-2025-59228 | 0.00 | — | 0.00 | Oct 14, 2025 | Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2025-54906 | 0.00 | — | 0.00 | Sep 9, 2025 | Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. |
- CVE-2026-21511Feb 10, 2026risk 0.00cvss —epss 0.00
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-21260Feb 10, 2026risk 0.00cvss —epss 0.00
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.
- CVE-2026-20958Jan 13, 2026risk 0.00cvss —epss 0.00
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.
- CVE-2026-20948Jan 13, 2026risk 0.00cvss —epss 0.00
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2026-20947Jan 13, 2026risk 0.00cvss —epss 0.01
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2026-20959Jan 13, 2026risk 0.00cvss —epss 0.00
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
- CVE-2026-20951Jan 13, 2026risk 0.00cvss —epss 0.00
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
- CVE-2026-20943Jan 13, 2026risk 0.00cvss —epss 0.00
Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2025-62559Dec 9, 2025risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-62558Dec 9, 2025risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-62555Dec 9, 2025risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-62562Dec 9, 2025risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally.
- CVE-2025-62204Nov 11, 2025risk 0.00cvss —epss 0.02
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-59232Oct 14, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- CVE-2025-59222Oct 14, 2025risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-59221Oct 14, 2025risk 0.00cvss —epss 0.00
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-59237Oct 14, 2025risk 0.00cvss —epss 0.04
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-59235Oct 14, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
- CVE-2025-59228Oct 14, 2025risk 0.00cvss —epss 0.00
Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-54906Sep 9, 2025risk 0.00cvss —epss 0.00
Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally.
Page 4 of 7