📦 Sharepoint Enterprise Server
by Microsoft
🔍 What is Sharepoint Enterprise Server?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
CVE-2020-1595 is a critical remote code execution vulnerability in Microsoft SharePoint where improperly protected APIs allow attackers to execute arbitrary code by sending specially-formatted input. ...
This is a critical remote code execution vulnerability in Microsoft SharePoint that allows attackers to run arbitrary code by uploading a specially crafted application package. Exploitation requires u...
CVE-2020-1025 is an authentication bypass vulnerability in Microsoft SharePoint Server and Skype for Business Server where improper OAuth token validation allows attackers to modify tokens and gain un...
A type conversion vulnerability in Microsoft Office Word allows attackers to execute arbitrary code on vulnerable systems by tricking users into opening malicious documents. This affects all users run...
This SQL injection vulnerability in Microsoft Office SharePoint allows authenticated attackers to execute arbitrary code remotely over the network. It affects SharePoint servers with improper input va...
A use-after-free vulnerability in Microsoft Office Word allows attackers to execute arbitrary code on a victim's system by tricking them into opening a malicious document. This affects users running v...
CVE-2025-47166 is a deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely. This affects organizations using vulnerable Sha...
A use-after-free vulnerability in Microsoft Office Word allows attackers to execute arbitrary code on vulnerable systems by tricking users into opening malicious documents. This affects all users runn...
This vulnerability allows an authenticated attacker to execute arbitrary code on Microsoft SharePoint servers by exploiting insecure deserialization of untrusted data. It affects organizations running...
A use-after-free vulnerability in Microsoft Office Word allows attackers to execute arbitrary code on affected systems by tricking users into opening malicious documents. This affects all users runnin...
This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server by sending specially crafted requests. It affects organizations running vulnerable SharePoint Server...
CVE-2022-29108 is a remote code execution vulnerability in Microsoft SharePoint Server that allows authenticated attackers to execute arbitrary code on affected systems. This affects organizations run...
CVE-2022-22005 is a remote code execution vulnerability in Microsoft SharePoint Server that allows authenticated attackers to execute arbitrary code on affected servers by uploading specially crafted ...
CVE-2022-21840 is a remote code execution vulnerability in Microsoft Office that allows attackers to execute arbitrary code by tricking users into opening specially crafted documents. This affects use...
CVE-2022-21842 is a remote code execution vulnerability in Microsoft Word that allows attackers to execute arbitrary code by tricking users into opening specially crafted documents. This affects users...
CVE-2021-43876 is an elevation of privilege vulnerability in Microsoft SharePoint that allows authenticated attackers to gain higher privileges than intended. This affects organizations running vulner...
This vulnerability allows authenticated attackers to execute arbitrary code on Microsoft SharePoint Server by sending specially crafted requests. It affects organizations running vulnerable SharePoint...
CVE-2021-42309 is a remote code execution vulnerability in Microsoft SharePoint Server that allows authenticated attackers to execute arbitrary code on affected servers. This affects organizations run...
CVE-2021-40442 is a remote code execution vulnerability in Microsoft Excel that allows attackers to execute arbitrary code by tricking users into opening specially crafted Excel files. This affects us...
CVE-2021-41344 is a remote code execution vulnerability in Microsoft SharePoint Server that allows authenticated attackers to execute arbitrary code on affected systems. This vulnerability affects Sha...
CVE-2021-40485 is a remote code execution vulnerability in Microsoft Excel that allows attackers to execute arbitrary code by tricking users into opening specially crafted Excel files. This affects us...
CVE-2021-40487 is a remote code execution vulnerability in Microsoft SharePoint Server that allows authenticated attackers to execute arbitrary code on affected systems. This vulnerability affects Sha...
CVE-2021-38651 is a spoofing vulnerability in Microsoft SharePoint Server that allows an attacker to trick users into clicking malicious links that appear to originate from trusted SharePoint sites. T...
This vulnerability allows an authenticated attacker to spoof content in Microsoft SharePoint Server, potentially tricking users into interacting with malicious content. It affects organizations runnin...
CVE-2021-26420 is a remote code execution vulnerability in Microsoft SharePoint Server that allows authenticated attackers to execute arbitrary code on affected servers. This affects organizations run...
This vulnerability allows an authenticated attacker to spoof content in Microsoft SharePoint Server, potentially tricking users into interacting with malicious content. It affects SharePoint Server 20...
CVE-2021-31181 is a remote code execution vulnerability in Microsoft SharePoint Server that allows attackers to execute arbitrary code on affected systems by exploiting improper control of generation ...
CVE-2020-16946 is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server that allows authenticated attackers to inject malicious scripts. When exploited, these scripts execute in th...
This is a remote code execution vulnerability in Microsoft SharePoint that allows attackers to run arbitrary code by uploading specially crafted application packages. It affects SharePoint servers whe...
CVE-2020-16929 is a remote code execution vulnerability in Microsoft Excel caused by improper memory object handling. An attacker can execute arbitrary code by tricking a user into opening a malicious...
CVE-2020-16944 is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server where improper input sanitization allows authenticated attackers to execute malicious scripts in users' brow...
This is a remote code execution vulnerability in Microsoft SharePoint that allows attackers to run arbitrary code by uploading specially crafted application packages. It affects SharePoint servers whe...
This is a remote code execution vulnerability in Microsoft SharePoint that allows attackers to run arbitrary code by uploading a specially crafted application package. It affects SharePoint servers wh...
CVE-2020-1460 is a remote code execution vulnerability in Microsoft SharePoint Server that allows authenticated attackers to execute arbitrary code by uploading specially crafted ASP.Net web controls....
This is a remote code execution vulnerability in Microsoft SharePoint that allows attackers to run arbitrary code by uploading a specially crafted application package. It affects SharePoint servers wh...
This is a memory disclosure vulnerability in Microsoft Word where specially crafted documents can leak memory contents when opened. Attackers could use leaked information to further compromise systems...
A remote code execution vulnerability in Microsoft Word allows attackers to execute arbitrary code by tricking users into opening malicious files. The vulnerability affects users of Microsoft Word sof...
CVE-2025-49706 is an improper authentication vulnerability in Microsoft SharePoint that allows unauthorized attackers to perform spoofing attacks over a network. This affects organizations running vul...
This CVE describes an information disclosure vulnerability in Microsoft SharePoint Server where improper memory handling allows authenticated attackers to access sensitive information. The vulnerabili...
This CVE describes an information disclosure vulnerability in Microsoft SharePoint Server where improper memory handling allows authenticated attackers to access sensitive information. The vulnerabili...
Microsoft SharePoint Server discloses folder structure information when rendering specific web pages, allowing attackers to view script file paths. This affects organizations running vulnerable ShareP...
This is an authenticated cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server that allows attackers to inject malicious scripts into web pages. When exploited, these scripts execute...
This is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server where improper input sanitization allows authenticated attackers to inject malicious scripts. Successful exploitation ...
This is a memory information disclosure vulnerability in Microsoft Excel where specially crafted documents can leak memory contents. Attackers could use leaked information to compromise systems or dat...
This is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server where authenticated attackers can inject malicious scripts through specially crafted web requests. Successful exploita...
This is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server where authenticated attackers can send specially crafted requests to bypass input sanitization. Successful exploitatio...
This is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server that allows authenticated attackers to inject malicious scripts into web pages. When exploited, these scripts execute ...