Skip to main content

Sharepoint Server

449 CVEs product

Monthly

CVE-2026-48562 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables an authenticated attacker with low-level network access to inject malicious scripts into SharePoint-generated web pages, resulting in spoofing attacks against other users. The vulnerability requires victim interaction to trigger script execution, limiting automated exploitation. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis; the CVSS score of 4.6 reflects the constrained impact and authentication prerequisite.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-48560 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables low-privileged authenticated attackers to perform spoofing attacks over a network without requiring user interaction. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms network-reachable exploitation by any authenticated SharePoint user with no further interaction required from a victim. No public exploit identified at time of analysis and CISA SSVC classifies exploitation status as none, though vendor patches are available for all three affected product lines.

Microsoft XSS Deserialization Sharepoint Server
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2026-47641 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint allows an authenticated network attacker with low privileges to inject malicious script content into web pages, enabling spoofing attacks against other users. All three active SharePoint server product lines - Server 2019, Enterprise Server 2016, and Subscription Edition - are affected across broad version ranges. No active exploitation has been confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis; vendor-released patches are available for all affected product lines.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-47639 MEDIUM PATCH This Month

Cross-site scripting in Microsoft SharePoint Server enables network-based spoofing attacks by injecting malicious scripts into rendered web pages, requiring victim user interaction to trigger. Three SharePoint server product lines are affected across the 16.0.x code branch, with vendor-released patches available for all. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-47636 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables network-based spoofing attacks against authenticated users who interact with attacker-controlled content. The vulnerability stems from insufficient input neutralization during web page generation (CWE-79), allowing injected script to execute in a victim's browser context. No public exploit code has been identified at time of analysis, and a vendor-released patch is available via Microsoft's Security Response Center.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-47634 MEDIUM PATCH Exploit Likely This Month

Stored or reflected cross-site scripting in Microsoft Office SharePoint allows an authenticated attacker with low privileges to inject malicious script that, after victim interaction, results in spoofing and disclosure or alteration of sensitive content within a victim's browser session. The CVSS 7.3 (AV:N/AC:L/PR:L/UI:R) rating reflects network-reachable exploitation with low complexity but requires both a valid SharePoint account and user interaction. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-47298 HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Office SharePoint enables an authenticated attacker with low privileges to execute arbitrary code over the network when a victim user is induced to perform an action. The flaw stems from an improper authorization check (CWE-285) that fails to enforce expected access boundaries, yielding full confidentiality, integrity, and availability impact (CVSS 8.0). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
8.0
EPSS
0.1%
CVE-2026-45485 LOW PATCH Exploit Unlikely Monitor

Out-of-bounds read in Microsoft Office and SharePoint Server exposes low-level memory contents to a local attacker when a victim opens a crafted document. Affected products span Microsoft 365 Apps for Enterprise, Office 2016/2019/LTSC 2021/2024, Office for Mac variants, and SharePoint Server 2016/2019/Subscription Edition - all at version 16.0.x baselines. The CVSS score of 3.3 (Low) reflects constrained impact: confidentiality is only partially affected, integrity and availability are untouched, and exploitation requires both local access and user interaction. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Buffer Overflow 365 Apps Microsoft 365 +5
NVD VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2026-45484 HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Microsoft Office SharePoint allows an authenticated network attacker to elevate privileges by submitting maliciously crafted serialized data that the server deserializes without proper validation. The CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability combined with low attack complexity, though the PR:L requirement means the attacker must already hold at least a low-privileged SharePoint account. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Microsoft Deserialization Sharepoint Server
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2026-45483 MEDIUM PATCH Exploit Unlikely This Month

Stored or reflected cross-site scripting in Microsoft SharePoint Server (the platform underlying Office Project Server) enables an authenticated low-privileged attacker to inject malicious script into web-rendered content, facilitating spoofing attacks against other users. The CVSS vector (PR:L/UI:R) confirms exploitation requires an authenticated account and victim interaction, constraining opportunistic use. No public exploit code has been identified at time of analysis, a vendor patch has been released, and no CISA KEV listing is present.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-45481 MEDIUM PATCH Exploit Likely This Month

Stored or reflected cross-site scripting in Microsoft Office SharePoint allows an authenticated low-privileged attacker to inject script that executes in another user's browser session, enabling spoofing and high-impact disclosure or modification of data rendered in the victim's context. The CVSS 7.3 vector requires user interaction and existing access to the SharePoint site, and no public exploit identified at time of analysis. The flaw is consistent with the CWE-79 class of input neutralization failures during web page generation.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-45475 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that an unauthenticated attacker can trigger when a user opens a crafted document. The CVSS 3.1 base score of 7.8 reflects high impact to confidentiality, integrity, and availability, with required user interaction limiting mass exploitation. There is no public exploit identified at time of analysis and the issue is not currently listed on the CISA KEV catalog.

Heap Overflow Microsoft Buffer Overflow 365 Apps Microsoft 365 +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45471 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Word enables an attacker to run arbitrary code in the context of the current user by tricking them into opening a malicious document that triggers an untrusted pointer dereference. With a CVSS 7.8 score and no public exploit identified at time of analysis, the flaw is exploited locally but unauthenticated, relying on user interaction to open a crafted file. Microsoft has issued an advisory via the MSRC Security Update Guide.

Authentication Bypass Microsoft 365 Apps Microsoft 365 Office 2019 +4
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-45467 MEDIUM PATCH Exploit Unlikely This Month

Stored or reflected cross-site scripting in Microsoft SharePoint on-premises deployments enables an authenticated attacker to perform spoofing attacks against other users over a network. Affected products span three major on-premises release lines: SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. The CVSS vector (PR:L, UI:R) confirms exploitation requires a low-privileged authenticated account and victim user interaction, meaningfully constraining opportunistic attack. No active exploitation has been confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-45465 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition enables network-based spoofing attacks by injecting malicious scripts into rendered web page output. The vulnerability carries a CVSS 5.4 (Medium) score with low attack complexity and no privilege requirement per the CVSS vector, but requires victim user interaction - a pattern consistent with reflected or stored XSS leading to in-browser script execution within a trusted SharePoint domain. No public exploit code or CISA KEV listing has been identified at time of analysis, though the broad enterprise deployment footprint of SharePoint elevates real-world relevance beyond the moderate CVSS score.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-45464 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables a network-based attacker to perform spoofing by injecting malicious script into web page generation, affecting the confidentiality and integrity of victim sessions. The attack requires user interaction - a victim must click or load attacker-controlled content - which limits opportunistic exploitation but makes it viable via phishing or social engineering. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis; however, vendor-released patches are confirmed across all three affected release lines.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-45458 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Office via a type confusion flaw (CWE-416) permits unauthorized attackers to run arbitrary code in the context of the Office process without requiring privileges or user interaction. The issue carries a high CVSS 3.1 score of 8.4 with full impact across confidentiality, integrity, and availability, though exploitation requires local attack vector access to the target system. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Microsoft Authentication Bypass Use After Free Memory Corruption 365 Apps +6
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-45456 HIGH PATCH NEWS Exploit Unlikely This Week

Local code execution in Microsoft Office stems from a type confusion (CWE-843) flaw that allows an unauthenticated attacker with local access to run arbitrary code in the context of the Office process. The CVSS 8.4 score reflects high impact on confidentiality, integrity, and availability without requiring privileges or user interaction, though the attack vector is local. No public exploit is identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Authentication Bypass Memory Corruption 365 Apps Microsoft 365 +5
NVD VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-45453 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server on-premises deployments (2016, 2019, and Subscription Edition) enables network-based spoofing attacks by injecting malicious script into pages rendered within victims' browser sessions. All three actively supported SharePoint on-premises product lines are affected across broad version ranges, with fixed releases confirmed in the June 2026 patch cycle. No public exploit code has been identified at time of analysis and the vulnerability is absent from the CISA KEV catalog, but low attack complexity and wide enterprise deployment footprint make prompt patching a reasonable priority.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-44824 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that triggers when a user opens or previews a maliciously crafted document. The CVSS 7.8 score reflects local attack vector with required user interaction, and no public exploit identified at time of analysis. Successful exploitation yields full confidentiality, integrity, and availability impact in the context of the current user.

Heap Overflow Microsoft Buffer Overflow 365 Apps Microsoft 365 +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-44821 MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office triggers local information disclosure when a victim opens a crafted document, exposing adjacent memory contents with high confidentiality impact. The vulnerability spans a wide product surface including Office 2016 through LTSC 2024, Microsoft 365 Apps for Enterprise, multiple SharePoint Server versions, and Mac variants, as confirmed by EUVD-2026-35664. No public exploit or CISA KEV listing is identified at time of analysis; vendor-released patches are available across affected product lines.

Information Disclosure Microsoft Buffer Overflow 365 Apps Microsoft 365 +5
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-44819 HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible when a user opens a maliciously crafted document that triggers a heap-based buffer overflow (CWE-122), allowing the attacker to run arbitrary code in the context of the opened Office process. The CVSS 7.8 (AV:L/AC:L/PR:N/UI:R) reflects a user-interaction-driven local exploit rather than a remote network attack, and no public exploit identified at time of analysis. The flaw was reported through Microsoft Security Response Center (secure@microsoft.com) and is tracked in MSRC's update guide.

Heap Overflow Microsoft Buffer Overflow 365 Apps Microsoft 365 +5
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-33113 MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint enables network-based spoofing attacks by injecting malicious scripts into web page output. The vulnerability (CWE-79) targets users of the SharePoint web interface and, when triggered via user interaction, allows an attacker to manipulate page content or impersonate legitimate UI elements - degrading both confidentiality and integrity. No public exploit or active exploitation has been identified at time of analysis, though the low-complexity network vector lowers the bar for opportunistic abuse.

XSS Microsoft Sharepoint Server
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-26114 HIGH PATCH This Week

Remote code execution in Microsoft SharePoint Server through unsafe deserialization of untrusted data allows authenticated attackers to execute arbitrary code with high privileges over the network. The vulnerability requires valid user credentials but no user interaction, making it exploitable by any authorized account. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.

Microsoft Deserialization Sharepoint Server
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-26113 HIGH PATCH This Week

Unsafe pointer dereference in Microsoft Office, SharePoint Server, and 365 Apps enables local code execution with high privileges on affected systems. An attacker with local access can exploit this memory safety flaw to achieve complete system compromise including data theft and modification. No patch is currently available, leaving users vulnerable until Microsoft releases a security update.

Microsoft Authentication Bypass Sharepoint Server Office Office Long Term Servicing Channel +1
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-26106 HIGH PATCH This Week

Remote code execution in Microsoft SharePoint Server allows authenticated users to bypass input validation and execute arbitrary code across the network. This high-severity vulnerability (CVSS 8.8) affects authorized attackers who can leverage improper validation controls to achieve full system compromise. No patch is currently available, making immediate mitigation and access controls critical for affected organizations.

Microsoft Information Disclosure Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26105 HIGH PATCH This Week

Microsoft SharePoint Server contains a reflected cross-site scripting vulnerability that allows remote attackers to execute arbitrary scripts in users' browsers through malicious links, enabling spoofing attacks and credential theft. The vulnerability requires user interaction to trigger and affects all SharePoint deployments with no available patch. With a CVSS score of 8.1, this poses a significant risk to organizations relying on SharePoint for collaboration.

Microsoft XSS Sharepoint Server
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-21511 HIGH PATCH This Week

Microsoft Outlook's unsafe deserialization of untrusted data enables remote attackers to spoof messages and identities without authentication over the network. This vulnerability affects Outlook, Word, and Microsoft 365 Apps, allowing attackers to impersonate legitimate senders and deceive users. No patch is currently available, making this a high-risk threat requiring immediate defensive measures.

Microsoft Outlook Deserialization 365 Apps Word +3
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2026-21260 HIGH PATCH This Week

Information disclosure in Microsoft Outlook, SharePoint Server, Office, and 365 Apps enables remote attackers to conduct email spoofing attacks without authentication or user interaction. The vulnerability affects multiple Microsoft collaboration products and could allow threat actors to impersonate legitimate senders to compromise organizational security. No patch is currently available for this high-severity issue.

Microsoft Outlook Sharepoint Server Office 365 Apps +1
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-20959 MEDIUM PATCH This Month

Stored XSS in Microsoft SharePoint Server enables authenticated users to inject malicious scripts that execute in other users' browsers, potentially leading to credential theft or session hijacking. The vulnerability requires user interaction and network access, but no patch is currently available, leaving organizations dependent on compensating controls or vendor updates.

Microsoft XSS Sharepoint Server
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2026-20958 MEDIUM PATCH This Month

Microsoft SharePoint Server contains a server-side request forgery vulnerability that allows authenticated users to access sensitive information across the network. An attacker with valid credentials can exploit this flaw to disclose confidential data without requiring user interaction. No patch is currently available for this issue.

Microsoft SSRF Sharepoint Server
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-20951 HIGH PATCH This Week

Local code execution in Microsoft SharePoint Server results from inadequate input validation, enabling attackers with local access to execute arbitrary code with user interaction. The vulnerability affects SharePoint deployments and carries high impact across confidentiality, integrity, and authenticity. No patch is currently available.

Microsoft Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-20948 HIGH PATCH This Week

Local code execution in Microsoft Office Word (including 365 Apps and SharePoint Server) results from unsafe pointer dereferencing that can be triggered by user interaction with a malicious document. An attacker with local access can exploit this vulnerability to execute arbitrary code with the privileges of the affected user. No patch is currently available for this vulnerability.

Microsoft Office Long Term Servicing Channel Sharepoint Server Word 365 Apps +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20947 HIGH PATCH This Week

SQL injection in Microsoft SharePoint Server enables authenticated attackers to execute arbitrary code remotely through improper sanitization of database queries. This vulnerability affects authorized users with network access and could allow them to compromise affected systems with high-level privileges. No patch is currently available for this issue.

Microsoft SQLi Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-20943 HIGH PATCH This Week

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 7.0 HIGH]

Microsoft Office Deployment Tool Sharepoint Server Office
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-62204 HIGH This Month

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Server
NVD
CVSS 3.1
8.0
EPSS
3.0%
CVE-2025-54906 HIGH This Month

Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Microsoft Authentication Bypass 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-54905 HIGH This Month

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel +3
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-54897 HIGH This Month

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
8.5%
CVE-2025-53760 HIGH This Month

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft SSRF Sharepoint Server
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2025-53736 MEDIUM This Month

Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft 365 Apps Office Office Long Term Servicing Channel +3
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-53733 HIGH CERT-EU This Month

Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft 365 Apps Office Office Long Term Servicing Channel +3
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-49712 HIGH This Month

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
5.6%
CVE-2025-49706 MEDIUM POC KEV PATCH THREAT CERT-EU Act Now

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Microsoft Authentication Bypass Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
59.9%
Threat
8.1
CVE-2025-49704 HIGH POC KEV PATCH THREAT Act Now

Microsoft Office SharePoint contains a code injection vulnerability (CVE-2025-49704, CVSS 8.8) enabling authenticated attackers to execute arbitrary code over the network. KEV-listed with EPSS 63.8%, this vulnerability requires only basic SharePoint authentication and enables server-level code execution, threatening the documents, workflows, and data stored across the organization's SharePoint infrastructure.

Microsoft RCE Code Injection Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
63.8%
Threat
8.7
CVE-2025-49703 HIGH PATCH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption Denial Of Service Office Long Term Servicing Channel +4
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-49701 HIGH PATCH This Week

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Authentication Bypass Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-47172 HIGH PATCH This Week

SQL injection vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely without user interaction. The vulnerability affects SharePoint deployments where an authorized user can craft malicious SQL commands through improperly neutralized input fields. This is a high-severity issue (CVSS 8.8) with significant confidentiality, integrity, and availability impact, particularly concerning given SharePoint's role as a critical enterprise collaboration platform.

Microsoft SQLi Exchange RCE Sharepoint Enterprise Server +1
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2025-47169 HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious document) but no elevated privileges, making it a significant local code execution threat affecting Word users who open untrusted documents.

Microsoft Buffer Overflow Windows RCE Office +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47168 HIGH PATCH This Week

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.

Use After Free Microsoft Windows RCE Office Long Term Servicing Channel +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-47166 HIGH POC PATCH This Week

Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely with high impact to confidentiality, integrity, and availability. The vulnerability affects SharePoint environments where an authorized user can submit malicious serialized objects, bypassing input validation due to unsafe deserialization practices (CWE-502). While the attack requires valid credentials (PR:L), the network-accessible attack vector (AV:N), low attack complexity (AC:L), and high CVSS score of 8.8 indicate significant real-world risk, particularly in organizations with broad internal user bases or federated access.

Microsoft Deserialization Exchange RCE Sharepoint Server +1
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
8.6%
CVE-2025-47163 HIGH PATCH Act Now

Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely without user interaction. The vulnerability affects SharePoint environments where untrusted data is deserialized, enabling network-based code execution with high impact to confidentiality, integrity, and availability. While no public exploit code has been confirmed in open intelligence sources, the CVSS 8.8 rating and low attack complexity suggest this is a high-priority patch for all affected organizations.

Microsoft Office365 Deserialization RCE Sharepoint Enterprise Server +1
NVD
CVSS 3.1
8.8
EPSS
16.9%
CVE-2025-30384 HIGH This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Deserialization Sharepoint Server
NVD
CVSS 3.1
7.4
EPSS
1.7%
CVE-2025-30382 HIGH This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Deserialization Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2025-30378 HIGH This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Deserialization Sharepoint Server
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2025-29976 HIGH This Month

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-29794 HIGH This Week

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2025-29793 HIGH Act Now

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.9% and no vendor patch available.

Microsoft Deserialization Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
21.9%
CVE-2025-27747 HIGH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service 365 Apps Office Office Long Term Servicing Channel +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-27746 HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft Denial Of Service 365 Apps +4
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2025-26642 HIGH This Week

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow 365 Apps Access +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2025-21400 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Authentication Bypass Sharepoint Server
NVD
CVSS 3.1
8.0
EPSS
1.9%
CVE-2025-21393 MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Server
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2025-21348 HIGH PATCH This Month

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass RCE Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2025-21344 HIGH PATCH This Month

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-49070 HIGH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Deserialization RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
7.4
EPSS
2.2%
CVE-2024-49068 HIGH This Week

Microsoft SharePoint Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Sharepoint Server
NVD
CVSS 3.1
8.2
EPSS
1.7%
CVE-2024-49065 MEDIUM This Month

Microsoft Office Remote Code Execution Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE Microsoft 365 Apps +4
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2024-49064 MEDIUM This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XXE Microsoft Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
2.6%
CVE-2024-49062 MEDIUM This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2024-43503 HIGH PATCH This Week

Microsoft SharePoint Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2024-43466 HIGH PATCH This Week

Microsoft SharePoint Server Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Denial Of Service Microsoft Sharepoint Server
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2024-43464 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
35.9%
CVE-2024-38228 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
4.2%
CVE-2024-38227 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
8.2%
CVE-2024-38018 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
51.5%
CVE-2024-38094 HIGH KEV PATCH THREAT This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
47.8%
CVE-2024-38024 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
45.2%
CVE-2024-38023 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
52.9%
CVE-2024-32987 HIGH PATCH This Week

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Microsoft Sharepoint Server
NVD
CVSS 3.1
7.5
EPSS
2.3%
CVE-2024-30100 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2024-30044 HIGH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Microsoft Sharepoint Server
NVD
CVSS 3.1
7.2
EPSS
84.0%
CVE-2024-30043 HIGH This Week

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XXE Microsoft Sharepoint Server
NVD
CVSS 3.1
7.5
EPSS
54.7%
CVE-2024-26251 LOW Monitor

Microsoft SharePoint Server Spoofing Vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Microsoft Sharepoint Server
NVD
CVSS 3.1
3.1
EPSS
1.4%
CVE-2024-21426 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE Memory Corruption Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2024-21318 HIGH PATCH This Month

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Microsoft RCE Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2023-38177 MEDIUM PATCH This Month

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
6.8
EPSS
3.4%
CVE-2023-36764 HIGH PATCH This Week

Microsoft SharePoint Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-36762 HIGH PATCH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps Office Office Long Term Servicing Channel +2
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-36894 MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
2.2%
EPSS 0% CVSS 4.6
MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables an authenticated attacker with low-level network access to inject malicious scripts into SharePoint-generated web pages, resulting in spoofing attacks against other users. The vulnerability requires victim interaction to trigger script execution, limiting automated exploitation. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis; the CVSS score of 4.6 reflects the constrained impact and authentication prerequisite.

XSS Microsoft Sharepoint Server
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables low-privileged authenticated attackers to perform spoofing attacks over a network without requiring user interaction. The CVSS vector (AV:N/AC:L/PR:L/UI:N) confirms network-reachable exploitation by any authenticated SharePoint user with no further interaction required from a victim. No public exploit identified at time of analysis and CISA SSVC classifies exploitation status as none, though vendor patches are available for all three affected product lines.

Microsoft XSS Deserialization +1
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint allows an authenticated network attacker with low privileges to inject malicious script content into web pages, enabling spoofing attacks against other users. All three active SharePoint server product lines - Server 2019, Enterprise Server 2016, and Subscription Edition - are affected across broad version ranges. No active exploitation has been confirmed (not listed in CISA KEV) and no public exploit code has been identified at time of analysis; vendor-released patches are available for all affected product lines.

XSS Microsoft Sharepoint Server
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting in Microsoft SharePoint Server enables network-based spoofing attacks by injecting malicious scripts into rendered web pages, requiring victim user interaction to trigger. Three SharePoint server product lines are affected across the 16.0.x code branch, with vendor-released patches available for all. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

XSS Microsoft Sharepoint Server
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables network-based spoofing attacks against authenticated users who interact with attacker-controlled content. The vulnerability stems from insufficient input neutralization during web page generation (CWE-79), allowing injected script to execute in a victim's browser context. No public exploit code has been identified at time of analysis, and a vendor-released patch is available via Microsoft's Security Response Center.

XSS Microsoft Sharepoint Server
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH Exploit Likely This Month

Stored or reflected cross-site scripting in Microsoft Office SharePoint allows an authenticated attacker with low privileges to inject malicious script that, after victim interaction, results in spoofing and disclosure or alteration of sensitive content within a victim's browser session. The CVSS 7.3 (AV:N/AC:L/PR:L/UI:R) rating reflects network-reachable exploitation with low complexity but requires both a valid SharePoint account and user interaction. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

XSS Microsoft Sharepoint Server
NVD VulDB
EPSS 0% CVSS 8.0
HIGH PATCH Exploit Unlikely This Week

Remote code execution in Microsoft Office SharePoint enables an authenticated attacker with low privileges to execute arbitrary code over the network when a victim user is induced to perform an action. The flaw stems from an improper authorization check (CWE-285) that fails to enforce expected access boundaries, yielding full confidentiality, integrity, and availability impact (CVSS 8.0). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Microsoft Sharepoint Server
NVD VulDB
EPSS 0% CVSS 3.3
LOW PATCH Exploit Unlikely Monitor

Out-of-bounds read in Microsoft Office and SharePoint Server exposes low-level memory contents to a local attacker when a victim opens a crafted document. Affected products span Microsoft 365 Apps for Enterprise, Office 2016/2019/LTSC 2021/2024, Office for Mac variants, and SharePoint Server 2016/2019/Subscription Edition - all at version 16.0.x baselines. The CVSS score of 3.3 (Low) reflects constrained impact: confidentiality is only partially affected, integrity and availability are untouched, and exploitation requires both local access and user interaction. No public exploit identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Information Disclosure Microsoft Buffer Overflow +7
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH Exploit Unlikely This Week

Privilege escalation in Microsoft Office SharePoint allows an authenticated network attacker to elevate privileges by submitting maliciously crafted serialized data that the server deserializes without proper validation. The CVSS 8.8 score reflects high impact across confidentiality, integrity, and availability combined with low attack complexity, though the PR:L requirement means the attacker must already hold at least a low-privileged SharePoint account. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Microsoft Deserialization Sharepoint Server
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH Exploit Unlikely This Month

Stored or reflected cross-site scripting in Microsoft SharePoint Server (the platform underlying Office Project Server) enables an authenticated low-privileged attacker to inject malicious script into web-rendered content, facilitating spoofing attacks against other users. The CVSS vector (PR:L/UI:R) confirms exploitation requires an authenticated account and victim interaction, constraining opportunistic use. No public exploit code has been identified at time of analysis, a vendor patch has been released, and no CISA KEV listing is present.

XSS Microsoft Sharepoint Server
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH Exploit Likely This Month

Stored or reflected cross-site scripting in Microsoft Office SharePoint allows an authenticated low-privileged attacker to inject script that executes in another user's browser session, enabling spoofing and high-impact disclosure or modification of data rendered in the victim's context. The CVSS 7.3 vector requires user interaction and existing access to the SharePoint site, and no public exploit identified at time of analysis. The flaw is consistent with the CWE-79 class of input neutralization failures during web page generation.

XSS Microsoft Sharepoint Server
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that an unauthenticated attacker can trigger when a user opens a crafted document. The CVSS 3.1 base score of 7.8 reflects high impact to confidentiality, integrity, and availability, with required user interaction limiting mass exploitation. There is no public exploit identified at time of analysis and the issue is not currently listed on the CISA KEV catalog.

Heap Overflow Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office Word enables an attacker to run arbitrary code in the context of the current user by tricking them into opening a malicious document that triggers an untrusted pointer dereference. With a CVSS 7.8 score and no public exploit identified at time of analysis, the flaw is exploited locally but unauthenticated, relying on user interaction to open a crafted file. Microsoft has issued an advisory via the MSRC Security Update Guide.

Authentication Bypass Microsoft 365 Apps +6
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH Exploit Unlikely This Month

Stored or reflected cross-site scripting in Microsoft SharePoint on-premises deployments enables an authenticated attacker to perform spoofing attacks against other users over a network. Affected products span three major on-premises release lines: SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. The CVSS vector (PR:L, UI:R) confirms exploitation requires a low-privileged authenticated account and victim user interaction, meaningfully constraining opportunistic attack. No active exploitation has been confirmed (not listed in CISA KEV), and no public exploit code has been identified at time of analysis.

XSS Microsoft Sharepoint Server
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition enables network-based spoofing attacks by injecting malicious scripts into rendered web page output. The vulnerability carries a CVSS 5.4 (Medium) score with low attack complexity and no privilege requirement per the CVSS vector, but requires victim user interaction - a pattern consistent with reflected or stored XSS leading to in-browser script execution within a trusted SharePoint domain. No public exploit code or CISA KEV listing has been identified at time of analysis, though the broad enterprise deployment footprint of SharePoint elevates real-world relevance beyond the moderate CVSS score.

XSS Microsoft Sharepoint Server
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server (2016, 2019, and Subscription Edition) enables a network-based attacker to perform spoofing by injecting malicious script into web page generation, affecting the confidentiality and integrity of victim sessions. The attack requires user interaction - a victim must click or load attacker-controlled content - which limits opportunistic exploitation but makes it viable via phishing or social engineering. No public exploit code exists and the vulnerability is not listed in the CISA KEV catalog at time of analysis; however, vendor-released patches are confirmed across all three affected release lines.

XSS Microsoft Sharepoint Server
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office via a type confusion flaw (CWE-416) permits unauthorized attackers to run arbitrary code in the context of the Office process without requiring privileges or user interaction. The issue carries a high CVSS 3.1 score of 8.4 with full impact across confidentiality, integrity, and availability, though exploitation requires local attack vector access to the target system. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Microsoft Authentication Bypass Use After Free +8
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office stems from a type confusion (CWE-843) flaw that allows an unauthenticated attacker with local access to run arbitrary code in the context of the Office process. The CVSS 8.4 score reflects high impact on confidentiality, integrity, and availability without requiring privileges or user interaction, though the attack vector is local. No public exploit is identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Authentication Bypass Memory Corruption +7
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint Server on-premises deployments (2016, 2019, and Subscription Edition) enables network-based spoofing attacks by injecting malicious script into pages rendered within victims' browser sessions. All three actively supported SharePoint on-premises product lines are affected across broad version ranges, with fixed releases confirmed in the June 2026 patch cycle. No public exploit code has been identified at time of analysis and the vulnerability is absent from the CISA KEV catalog, but low attack complexity and wide enterprise deployment footprint make prompt patching a reasonable priority.

XSS Microsoft Sharepoint Server
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible through a heap-based buffer overflow (CWE-122) that triggers when a user opens or previews a maliciously crafted document. The CVSS 7.8 score reflects local attack vector with required user interaction, and no public exploit identified at time of analysis. Successful exploitation yields full confidentiality, integrity, and availability impact in the context of the current user.

Heap Overflow Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH Exploit Unlikely This Month

Out-of-bounds read in Microsoft Office triggers local information disclosure when a victim opens a crafted document, exposing adjacent memory contents with high confidentiality impact. The vulnerability spans a wide product surface including Office 2016 through LTSC 2024, Microsoft 365 Apps for Enterprise, multiple SharePoint Server versions, and Mac variants, as confirmed by EUVD-2026-35664. No public exploit or CISA KEV listing is identified at time of analysis; vendor-released patches are available across affected product lines.

Information Disclosure Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local code execution in Microsoft Office is possible when a user opens a maliciously crafted document that triggers a heap-based buffer overflow (CWE-122), allowing the attacker to run arbitrary code in the context of the opened Office process. The CVSS 7.8 (AV:L/AC:L/PR:N/UI:R) reflects a user-interaction-driven local exploit rather than a remote network attack, and no public exploit identified at time of analysis. The flaw was reported through Microsoft Security Response Center (secure@microsoft.com) and is tracked in MSRC's update guide.

Heap Overflow Microsoft Buffer Overflow +7
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH Exploit Unlikely This Month

Cross-site scripting in Microsoft SharePoint enables network-based spoofing attacks by injecting malicious scripts into web page output. The vulnerability (CWE-79) targets users of the SharePoint web interface and, when triggered via user interaction, allows an attacker to manipulate page content or impersonate legitimate UI elements - degrading both confidentiality and integrity. No public exploit or active exploitation has been identified at time of analysis, though the low-complexity network vector lowers the bar for opportunistic abuse.

XSS Microsoft Sharepoint Server
NVD VulDB
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Microsoft SharePoint Server through unsafe deserialization of untrusted data allows authenticated attackers to execute arbitrary code with high privileges over the network. The vulnerability requires valid user credentials but no user interaction, making it exploitable by any authorized account. No patch is currently available, leaving affected systems vulnerable until Microsoft releases a fix.

Microsoft Deserialization Sharepoint Server
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Unsafe pointer dereference in Microsoft Office, SharePoint Server, and 365 Apps enables local code execution with high privileges on affected systems. An attacker with local access can exploit this memory safety flaw to achieve complete system compromise including data theft and modification. No patch is currently available, leaving users vulnerable until Microsoft releases a security update.

Microsoft Authentication Bypass Sharepoint Server +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Remote code execution in Microsoft SharePoint Server allows authenticated users to bypass input validation and execute arbitrary code across the network. This high-severity vulnerability (CVSS 8.8) affects authorized attackers who can leverage improper validation controls to achieve full system compromise. No patch is currently available, making immediate mitigation and access controls critical for affected organizations.

Microsoft Information Disclosure Sharepoint Server
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Microsoft SharePoint Server contains a reflected cross-site scripting vulnerability that allows remote attackers to execute arbitrary scripts in users' browsers through malicious links, enabling spoofing attacks and credential theft. The vulnerability requires user interaction to trigger and affects all SharePoint deployments with no available patch. With a CVSS score of 8.1, this poses a significant risk to organizations relying on SharePoint for collaboration.

Microsoft XSS Sharepoint Server
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Microsoft Outlook's unsafe deserialization of untrusted data enables remote attackers to spoof messages and identities without authentication over the network. This vulnerability affects Outlook, Word, and Microsoft 365 Apps, allowing attackers to impersonate legitimate senders and deceive users. No patch is currently available, making this a high-risk threat requiring immediate defensive measures.

Microsoft Outlook Deserialization +5
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Information disclosure in Microsoft Outlook, SharePoint Server, Office, and 365 Apps enables remote attackers to conduct email spoofing attacks without authentication or user interaction. The vulnerability affects multiple Microsoft collaboration products and could allow threat actors to impersonate legitimate senders to compromise organizational security. No patch is currently available for this high-severity issue.

Microsoft Outlook Sharepoint Server +3
NVD
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Stored XSS in Microsoft SharePoint Server enables authenticated users to inject malicious scripts that execute in other users' browsers, potentially leading to credential theft or session hijacking. The vulnerability requires user interaction and network access, but no patch is currently available, leaving organizations dependent on compensating controls or vendor updates.

Microsoft XSS Sharepoint Server
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Microsoft SharePoint Server contains a server-side request forgery vulnerability that allows authenticated users to access sensitive information across the network. An attacker with valid credentials can exploit this flaw to disclose confidential data without requiring user interaction. No patch is currently available for this issue.

Microsoft SSRF Sharepoint Server
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft SharePoint Server results from inadequate input validation, enabling attackers with local access to execute arbitrary code with user interaction. The vulnerability affects SharePoint deployments and carries high impact across confidentiality, integrity, and authenticity. No patch is currently available.

Microsoft Sharepoint Server
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local code execution in Microsoft Office Word (including 365 Apps and SharePoint Server) results from unsafe pointer dereferencing that can be triggered by user interaction with a malicious document. An attacker with local access can exploit this vulnerability to execute arbitrary code with the privileges of the affected user. No patch is currently available for this vulnerability.

Microsoft Office Long Term Servicing Channel Sharepoint Server +3
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

SQL injection in Microsoft SharePoint Server enables authenticated attackers to execute arbitrary code remotely through improper sanitization of database queries. This vulnerability affects authorized users with network access and could allow them to compromise affected systems with high-level privileges. No patch is currently available for this issue.

Microsoft SQLi Sharepoint Server
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Untrusted search path in Microsoft Office allows an unauthorized attacker to execute code locally. [CVSS 7.0 HIGH]

Microsoft Office Deployment Tool Sharepoint Server +1
NVD
EPSS 3% CVSS 8.0
HIGH This Month

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Server
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Free of memory not on the heap in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Microsoft +5
NVD
EPSS 0% CVSS 7.1
HIGH This Month

Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure 365 Apps +5
NVD
EPSS 9% CVSS 8.8
HIGH This Month

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Server
NVD
EPSS 0% CVSS 7.1
HIGH This Month

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft SSRF Sharepoint Server
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft 365 Apps +5
NVD
EPSS 0% CVSS 8.4
HIGH This Month

Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft 365 Apps +5
NVD
EPSS 6% CVSS 8.8
HIGH This Month

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Microsoft Sharepoint Server
NVD
EPSS 60% 8.1 CVSS 6.5
MEDIUM POC KEV PATCH THREAT Act Now

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Microsoft Authentication Bypass Sharepoint Enterprise Server +1
NVD
EPSS 64% 8.7 CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

Microsoft Office SharePoint contains a code injection vulnerability (CVE-2025-49704, CVSS 8.8) enabling authenticated attackers to execute arbitrary code over the network. KEV-listed with EPSS 63.8%, this vulnerability requires only basic SharePoint authentication and enables server-level code execution, threatening the documents, workflows, and data stored across the organization's SharePoint infrastructure.

Microsoft RCE Code Injection +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Microsoft Use After Free Memory Corruption +6
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Microsoft Authentication Bypass Sharepoint Server
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

SQL injection vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely without user interaction. The vulnerability affects SharePoint deployments where an authorized user can craft malicious SQL commands through improperly neutralized input fields. This is a high-severity issue (CVSS 8.8) with significant confidentiality, integrity, and availability impact, particularly concerning given SharePoint's role as a critical enterprise collaboration platform.

Microsoft SQLi Exchange +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Heap-based buffer overflow vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high impact on confidentiality, integrity, and availability. The vulnerability requires user interaction (opening a malicious document) but no elevated privileges, making it a significant local code execution threat affecting Word users who open untrusted documents.

Microsoft Buffer Overflow Windows +7
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in Microsoft Office Word that allows local, unauthenticated attackers to execute arbitrary code with high severity (CVSS 7.8). The vulnerability requires user interaction (opening a malicious document) but grants complete system compromise through code execution. This is a memory safety issue (CWE-416) in Word's document processing engine that could be actively exploited if public POC becomes available.

Use After Free Microsoft Windows +7
NVD
EPSS 9% CVSS 8.8
HIGH POC PATCH This Week

Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely with high impact to confidentiality, integrity, and availability. The vulnerability affects SharePoint environments where an authorized user can submit malicious serialized objects, bypassing input validation due to unsafe deserialization practices (CWE-502). While the attack requires valid credentials (PR:L), the network-accessible attack vector (AV:N), low attack complexity (AC:L), and high CVSS score of 8.8 indicate significant real-world risk, particularly in organizations with broad internal user bases or federated access.

Microsoft Deserialization Exchange +3
NVD Exploit-DB
EPSS 17% CVSS 8.8
HIGH PATCH Act Now

Critical deserialization vulnerability in Microsoft Office SharePoint that allows authenticated attackers to execute arbitrary code remotely without user interaction. The vulnerability affects SharePoint environments where untrusted data is deserialized, enabling network-based code execution with high impact to confidentiality, integrity, and availability. While no public exploit code has been confirmed in open intelligence sources, the CVSS 8.8 rating and low attack complexity suggest this is a high-priority patch for all affected organizations.

Microsoft Office365 Deserialization +3
NVD
EPSS 2% CVSS 7.4
HIGH This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Deserialization Sharepoint Server
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Deserialization Sharepoint Server
NVD
EPSS 1% CVSS 7.0
HIGH This Week

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Microsoft Deserialization Sharepoint Server
NVD
EPSS 1% CVSS 7.8
HIGH This Month

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sharepoint Server
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Sharepoint Enterprise Server +1
NVD
EPSS 22% CVSS 7.2
HIGH Act Now

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 21.9% and no vendor patch available.

Microsoft Deserialization Sharepoint Enterprise Server +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Denial Of Service 365 Apps +5
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Microsoft +6
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Buffer Overflow +7
NVD
EPSS 2% CVSS 8.0
HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Authentication Bypass +1
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Server
NVD
EPSS 1% CVSS 7.2
HIGH PATCH This Month

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Sharepoint Server
NVD
EPSS 2% CVSS 7.4
HIGH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Deserialization RCE Microsoft +1
NVD
EPSS 2% CVSS 8.2
HIGH This Week

Microsoft SharePoint Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Sharepoint Server
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

Microsoft Office Remote Code Execution Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure RCE +6
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XXE Microsoft +1
NVD
EPSS 3% CVSS 6.5
MEDIUM This Month

Microsoft SharePoint Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sharepoint Server
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft SharePoint Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Sharepoint Server
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Microsoft SharePoint Server Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Denial Of Service Microsoft +1
NVD
EPSS 36% CVSS 7.2
HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft +1
NVD
EPSS 4% CVSS 7.2
HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft +1
NVD
EPSS 8% CVSS 7.2
HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft +1
NVD
EPSS 51% CVSS 8.8
HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft +1
NVD
EPSS 48% CVSS 7.2
HIGH KEV PATCH THREAT This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft +1
NVD
EPSS 45% CVSS 7.2
HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft +1
NVD
EPSS 53% CVSS 7.2
HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization RCE Microsoft +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Microsoft +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Sharepoint Server
NVD
EPSS 84% CVSS 7.2
HIGH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Microsoft +1
NVD
EPSS 55% CVSS 7.5
HIGH This Week

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XXE Microsoft +1
NVD
EPSS 1% CVSS 3.1
LOW Monitor

Microsoft SharePoint Server Spoofing Vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Microsoft Sharepoint Server
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Microsoft RCE +2
NVD
EPSS 3% CVSS 8.8
HIGH PATCH This Month

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Microsoft RCE +1
NVD
EPSS 3% CVSS 6.8
MEDIUM PATCH This Month

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +2
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Microsoft SharePoint Server Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Sharepoint Server
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

Microsoft Word Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft 365 Apps +4
NVD
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Sharepoint Server
NVD
Page 1 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy