Microsoft Office SharePoint Server 2007
by Microsoft
CVEs (134)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54905 | 0.00 | — | 0.00 | Sep 9, 2025 | Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||
| CVE-2025-53736 | 0.00 | — | 0.00 | Aug 12, 2025 | Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||
| CVE-2025-53733 | 0.00 | — | 0.01 | Aug 12, 2025 | Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-53760 | 0.00 | — | 0.02 | Aug 12, 2025 | Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | |||
| CVE-2025-49703 | 0.00 | — | 0.01 | Jul 8, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-49701 | 0.00 | — | 0.02 | Jul 8, 2025 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2025-47172 | 0.00 | — | 0.03 | Jun 10, 2025 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2025-47169 | 0.00 | — | 0.01 | Jun 10, 2025 | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-47168 | 0.00 | — | 0.01 | Jun 10, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-30384 | 0.00 | — | 0.02 | May 13, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-30382 | 0.00 | — | 0.01 | May 13, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-30378 | 0.00 | — | 0.01 | May 13, 2025 | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-29976 | 0.00 | — | 0.01 | May 13, 2025 | Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. | |||
| CVE-2025-26642 | 0.00 | — | 0.00 | Apr 8, 2025 | Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-29794 | 0.00 | — | 0.00 | Apr 8, 2025 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||
| CVE-2025-27747 | 0.00 | — | 0.01 | Apr 8, 2025 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-21400 | 0.00 | — | 0.02 | Feb 11, 2025 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2025-21393 | 0.00 | — | 0.00 | Jan 14, 2025 | Microsoft SharePoint Server Spoofing Vulnerability | |||
| CVE-2025-21348 | 0.00 | — | 0.01 | Jan 14, 2025 | Microsoft SharePoint Server Remote Code Execution Vulnerability | |||
| CVE-2025-21344 | 0.00 | — | 0.00 | Jan 14, 2025 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
- CVE-2025-54905Sep 9, 2025risk 0.00cvss —epss 0.00
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- CVE-2025-53736Aug 12, 2025risk 0.00cvss —epss 0.00
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
- CVE-2025-53733Aug 12, 2025risk 0.00cvss —epss 0.01
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-53760Aug 12, 2025risk 0.00cvss —epss 0.02
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
- CVE-2025-49703Jul 8, 2025risk 0.00cvss —epss 0.01
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-49701Jul 8, 2025risk 0.00cvss —epss 0.02
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-47172Jun 10, 2025risk 0.00cvss —epss 0.03
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-47169Jun 10, 2025risk 0.00cvss —epss 0.01
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-47168Jun 10, 2025risk 0.00cvss —epss 0.01
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-30384May 13, 2025risk 0.00cvss —epss 0.02
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
- CVE-2025-30382May 13, 2025risk 0.00cvss —epss 0.01
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
- CVE-2025-30378May 13, 2025risk 0.00cvss —epss 0.01
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
- CVE-2025-29976May 13, 2025risk 0.00cvss —epss 0.01
Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.
- CVE-2025-26642Apr 8, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2025-29794Apr 8, 2025risk 0.00cvss —epss 0.00
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-27747Apr 8, 2025risk 0.00cvss —epss 0.01
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-21400Feb 11, 2025risk 0.00cvss —epss 0.02
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2025-21393Jan 14, 2025risk 0.00cvss —epss 0.00
Microsoft SharePoint Server Spoofing Vulnerability
- CVE-2025-21348Jan 14, 2025risk 0.00cvss —epss 0.01
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2025-21344Jan 14, 2025risk 0.00cvss —epss 0.00
Microsoft SharePoint Server Remote Code Execution Vulnerability
Page 5 of 7