📦 Sharepoint Server
by Microsoft
🔍 What is Sharepoint Server?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
CVE-2025-53770 is a critical deserialization vulnerability in on-premises Microsoft SharePoint Server that allows unauthenticated attackers to execute arbitrary code remotely. This affects organizatio...
CVE-2023-29357 is a critical elevation of privilege vulnerability in Microsoft SharePoint Server that allows attackers to bypass authentication and gain administrative access. This affects organizatio...
CVE-2020-1595 is a critical remote code execution vulnerability in Microsoft SharePoint where improperly protected APIs allow attackers to execute arbitrary code by sending specially-formatted input. ...
This is a critical remote code execution vulnerability in Microsoft SharePoint that allows attackers to run arbitrary code by uploading a specially crafted application package. Exploitation requires u...
CVE-2020-1025 is an authentication bypass vulnerability in Microsoft SharePoint Server and Skype for Business Server where improper OAuth token validation allows attackers to modify tokens and gain un...
A remote code execution vulnerability in Microsoft Word allows attackers to execute arbitrary code by tricking users into opening malicious files. This affects users of Microsoft Word who open special...
This vulnerability allows attackers to spoof identities or data in Microsoft Office Outlook by exploiting insecure deserialization of untrusted data. Organizations using affected Outlook versions are ...
This vulnerability allows an authorized attacker to execute arbitrary code on Microsoft SharePoint servers by exploiting insecure deserialization of untrusted data. Attackers with network access and v...
This SQL injection vulnerability in Microsoft Office SharePoint allows authenticated attackers to execute arbitrary SQL commands over the network. Attackers could potentially read, modify, or delete d...
This vulnerability allows an unauthorized attacker to execute arbitrary code on a local system by exploiting an untrusted pointer dereference in Microsoft Office Word. Attackers can achieve this by tr...
This vulnerability allows an unauthorized attacker to execute arbitrary code on SharePoint servers through improper input validation. Organizations using affected Microsoft SharePoint versions are at ...
This vulnerability allows an unauthorized attacker to execute arbitrary code on a local system by exploiting an untrusted search path in Microsoft Office. Attackers can place malicious DLLs in directo...
This cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows authenticated attackers to inject malicious scripts into web pages, which can then execute in victims' browsers. The...
This vulnerability allows an authenticated attacker to execute arbitrary code on Microsoft SharePoint servers by sending specially crafted deserialized data. It affects organizations running vulnerabl...
This vulnerability in Microsoft Office involves a use-after-free memory corruption issue that allows an attacker to execute arbitrary code on a victim's system. Attackers can exploit this by tricking ...
This Server-Side Request Forgery (SSRF) vulnerability in Microsoft Office SharePoint allows authenticated attackers to make unauthorized requests from the SharePoint server to internal network resourc...
A type conversion vulnerability in Microsoft Office Word allows attackers to execute arbitrary code on vulnerable systems by tricking users into opening malicious documents. This affects all users run...
This CVE describes a code injection vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code over the network. Attackers with valid SharePoint credent...
This SQL injection vulnerability in Microsoft Office SharePoint allows authenticated attackers to execute arbitrary code remotely over the network. It affects SharePoint servers with improper input va...
A use-after-free vulnerability in Microsoft Office Word allows attackers to execute arbitrary code on a victim's system by tricking them into opening a malicious document. This affects users running v...
CVE-2025-47166 is a deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely. This affects organizations using vulnerable Sha...
This vulnerability allows remote code execution on Microsoft SharePoint servers through deserialization of untrusted data. Attackers can execute arbitrary code with the privileges of the SharePoint ap...
This vulnerability allows an unauthorized attacker to execute arbitrary code on SharePoint servers by exploiting insecure deserialization of untrusted data. It affects organizations running vulnerable...
This vulnerability allows an authenticated attacker to execute arbitrary code on Microsoft SharePoint servers by exploiting insecure deserialization of untrusted data. It affects organizations running...
A use-after-free vulnerability in Microsoft Office Word allows attackers to execute arbitrary code on affected systems by tricking users into opening malicious documents. This affects all users runnin...
CVE-2025-21400 is a remote code execution vulnerability in Microsoft SharePoint Server that allows an authenticated attacker to execute arbitrary code on the server by exploiting improper authorizatio...
This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server by sending specially crafted requests. It affects organizations running vulnerable SharePoint Server...
This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server systems. Attackers could gain control of affected servers, potentially compromising sensitive data a...
This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint servers by deserializing untrusted data. It affects organizations running vulnerable SharePoint versions, p...
This vulnerability allows authenticated attackers to elevate their privileges within Microsoft SharePoint, potentially gaining administrative access. It affects organizations running vulnerable ShareP...
This vulnerability allows authenticated attackers to elevate their privileges within Microsoft SharePoint, potentially gaining administrative access. It affects organizations running vulnerable ShareP...
This vulnerability allows authenticated attackers to execute arbitrary code on Microsoft SharePoint Server by sending specially crafted requests. It affects organizations running vulnerable SharePoint...
This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server by exploiting insecure deserialization. It affects organizations running vulnerable SharePoint Serve...
This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server by exploiting insecure deserialization. It affects organizations running vulnerable SharePoint Serve...
This vulnerability in Microsoft SharePoint Server allows attackers to access sensitive information without proper authorization. It affects organizations running vulnerable SharePoint Server versions,...
This vulnerability in Microsoft SharePoint Server allows authenticated attackers to execute arbitrary code remotely by uploading specially crafted files. It affects organizations running vulnerable Sh...
CVE-2024-30044 is a remote code execution vulnerability in Microsoft SharePoint Server that allows authenticated attackers to execute arbitrary code on affected systems. This affects organizations run...
This vulnerability in Microsoft SharePoint Server allows authenticated attackers to execute arbitrary code remotely by exploiting a use-after-free memory corruption issue. It affects organizations run...
This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server by deserializing untrusted data. It affects organizations running vulnerable SharePoint Server versi...
CVE-2023-36762 is a remote code execution vulnerability in Microsoft Word that allows attackers to execute arbitrary code on a victim's system by tricking them into opening a specially crafted malicio...
This vulnerability in Microsoft SharePoint Server allows authenticated attackers to elevate their privileges within the SharePoint environment. Attackers could gain administrative access to SharePoint...
This vulnerability allows an attacker to inject malicious scripts into Microsoft SharePoint Server, which could execute when viewed by other users. It affects organizations running vulnerable SharePoi...
CVE-2023-33159 is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server that allows attackers to inject malicious scripts into web pages. When exploited, it enables spoofing attack...
This vulnerability allows remote attackers to execute arbitrary code on Microsoft SharePoint Server by exploiting insecure deserialization. It affects organizations running vulnerable SharePoint Serve...
This vulnerability allows authenticated attackers to execute arbitrary code on Microsoft SharePoint servers by uploading specially crafted files. It affects organizations running vulnerable SharePoint...
CVE-2023-33130 is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server that allows attackers to inject malicious scripts into web pages. When exploited, it enables spoofing attack...
This Server-Side Request Forgery (SSRF) vulnerability in Microsoft Office SharePoint allows authenticated attackers to make the server send requests to internal systems, potentially exposing sensitive...
This cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint allows authenticated attackers to inject malicious scripts into web pages. When exploited, it enables spoofing attacks wher...
CVE-2025-49706 is an improper authentication vulnerability in Microsoft SharePoint that allows unauthorized attackers to perform spoofing attacks over a network. This affects organizations running vul...
This CVE describes a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server that allows attackers to inject malicious scripts into web pages. When exploited, it enables content spoofi...
This vulnerability in Microsoft SharePoint allows an authenticated attacker to access sensitive information they shouldn't have permission to view. It affects SharePoint Server installations where use...
This vulnerability in Microsoft Office allows attackers to execute arbitrary code on a victim's system by tricking them into opening a specially crafted document. It affects users of Microsoft Office ...
This CVE describes an information disclosure vulnerability in Microsoft SharePoint Server where improper memory handling allows authenticated attackers to access sensitive information. The vulnerabili...
This CVE describes an information disclosure vulnerability in Microsoft SharePoint Server where improper memory handling could allow an authenticated attacker to access sensitive information. The vuln...
This CVE describes an information disclosure vulnerability in Microsoft SharePoint Server where improper memory handling allows authenticated attackers to access sensitive information. The vulnerabili...
Microsoft SharePoint Server discloses folder structure information when rendering specific web pages, allowing attackers to view script file paths. This affects organizations running vulnerable ShareP...
This is an authenticated cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server that allows attackers to inject malicious scripts into web pages. When exploited, these scripts execute...
This is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server where improper input sanitization allows authenticated attackers to inject malicious scripts. Successful exploitation ...
This is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server where authenticated attackers can inject malicious scripts through specially crafted web requests. Successful exploita...
This is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server where authenticated attackers can send specially crafted requests to bypass input sanitization. Successful exploitatio...
This is an information disclosure vulnerability in Microsoft Word where specially crafted documents can leak memory contents when opened. Attackers could potentially use leaked information to further ...
This is a cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server that allows authenticated attackers to inject malicious scripts into web pages. When exploited, these scripts execute ...