Total
472 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-20948 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2026-01-16 | N/A | 7.8 HIGH |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-20947 | 1 Microsoft | 1 Sharepoint Server | 2026-01-16 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2026-20943 | 1 Microsoft | 3 Office, Office Deployment Tool, Sharepoint Server | 2026-01-16 | N/A | 7.0 HIGH |
| Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-20951 | 1 Microsoft | 1 Sharepoint Server | 2026-01-14 | N/A | 7.8 HIGH |
| Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-20958 | 1 Microsoft | 1 Sharepoint Server | 2026-01-14 | N/A | 5.4 MEDIUM |
| Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network. | |||||
| CVE-2026-20959 | 1 Microsoft | 1 Sharepoint Server | 2026-01-14 | N/A | 4.6 MEDIUM |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | |||||
| CVE-2026-20963 | 1 Microsoft | 1 Sharepoint Server | 2026-01-14 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-64672 | 1 Microsoft | 1 Sharepoint Server | 2025-12-12 | N/A | 8.8 HIGH |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | |||||
| CVE-2025-62555 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-12-10 | N/A | 7.0 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-62558 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-12-10 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-62559 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-12-10 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-62562 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-12-09 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-62204 | 1 Microsoft | 1 Sharepoint Server | 2025-11-17 | N/A | 8.0 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2019-0604 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2025-10-29 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594. | |||||
| CVE-2020-1147 | 1 Microsoft | 14 .net Core, .net Framework, Sharepoint Enterprise Server and 11 more | 2025-10-29 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. | |||||
| CVE-2025-59228 | 1 Microsoft | 1 Sharepoint Server | 2025-10-28 | N/A | 8.8 HIGH |
| Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-59237 | 1 Microsoft | 1 Sharepoint Server | 2025-10-28 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2024-38094 | 1 Microsoft | 1 Sharepoint Server | 2025-10-28 | N/A | 7.2 HIGH |
| Microsoft SharePoint Remote Code Execution Vulnerability | |||||
| CVE-2023-24955 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-10-28 | N/A | 7.2 HIGH |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||
| CVE-2023-29357 | 1 Microsoft | 1 Sharepoint Server | 2025-10-28 | N/A | 9.8 CRITICAL |
| Microsoft SharePoint Server Elevation of Privilege Vulnerability | |||||