Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.0 · CWE: CWE-78

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.0 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-1220

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-20

View on NVD

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS: 8.1 · CWE: CWE-79

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

CVSS: 9.8 · CWE: CWE-502

View on NVD

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.8 · CWE: CWE-20

View on NVD

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-89

View on NVD

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVSS: 8.8 · CWE: CWE-79

View on NVD

Microsoft SharePoint Online Elevation of Privilege Vulnerability

CVSS: 9.8 · CWE: CWE-502

View on NVD

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver l…

CVSS: 8.6 · CWE: CWE-94

View on NVD

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver…

CVSS: 8.6 · CWE: CWE-94

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.0 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-20

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

CVSS: 7.1 · CWE: CWE-918

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation…

CVSS: 9.8 · CWE: CWE-502

View on NVD

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-94

View on NVD

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-285

View on NVD

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-89

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.4 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.0 · CWE: CWE-502

View on NVD

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-269

View on NVD

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-285

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 7.2 · CWE: CWE-502

View on NVD

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary argum…

CVSS: 7.8 · CWE: CWE-20

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-285

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-285

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: CWE-20

View on NVD

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS: 7.4 · CWE: CWE-502

View on NVD

Microsoft SharePoint Elevation of Privilege Vulnerability

CVSS: 8.2 · CWE: CWE-284

View on NVD

Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.

CVSS: 8.5 · CWE: CWE-611

View on NVD

Microsoft SharePoint Elevation of Privilege Vulnerability

CVSS: 7.8 · CWE: CWE-284

View on NVD

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be pass…

CVSS: 8.8 · CWE: CWE-95

View on NVD

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be pa…

CVSS: 8.8 · CWE: CWE-95

View on NVD

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to…

CVSS: 8.8 · CWE: CWE-95

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-77

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-77

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS: 7.5 · CWE: CWE-918

View on NVD

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter.

CVSS: 9.8 · CWE: CWE-22

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: CWE-426

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: CWE-416

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS: 8.8 · CWE: CWE-73

View on NVD

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 a…

CVSS: 8.1 · CWE: CWE-287

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-79

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-79

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 8.8 · CWE: CWE-79

View on NVD

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-94

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 7.3 · CWE: CWE-79

View on NVD

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS: 9.8 · CWE: CWE-303

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-94

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 8.1 · CWE: CWE-918

View on NVD

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector.

CVSS: 9.8 · CWE: CWE-434

View on NVD

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS: 8.8 · CWE: CWE-284

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-284

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Prem…

CVSS: 7.3 · CWE: CWE-280

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11…

CVSS: 7.1 · CWE: CWE-280

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because authorization is mishandled.

CVSS: 9.8 · CWE: CWE-863

View on NVD

Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation.

CVSS: 9.8 · CWE: N/A

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 8.0 · CWE: N/A

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.3 · CWE: N/A

View on NVD

Microsoft SharePoint Elevation of Privilege Vulnerability

CVSS: 8.8 · CWE: N/A

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 7.6 · CWE: N/A

View on NVD