Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.0 · CWE: CWE-78

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.0 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-1220

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS: 6.5 · CWE: CWE-20

View on NVD

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVSS: 4.6 · CWE: CWE-79

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-20

View on NVD

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS: 8.1 · CWE: CWE-79

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

CVSS: 9.8 · CWE: CWE-502

View on NVD

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVSS: 4.6 · CWE: CWE-79

View on NVD

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

CVSS: 5.4 · CWE: CWE-918

View on NVD

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.8 · CWE: CWE-20

View on NVD

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-89

View on NVD

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVSS: 8.8 · CWE: CWE-79

View on NVD

Microsoft SharePoint Online Elevation of Privilege Vulnerability

CVSS: 9.8 · CWE: CWE-502

View on NVD

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver l…

CVSS: 8.6 · CWE: CWE-94

View on NVD

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Remote Code Inclusion. The SpyAttribute connection option implemented by the DataDirect Connect for JDBC drivers, DataDirect Hybrid Data Pipeline JDBC driver and the DataDirect OpenAccess JDBC driver…

CVSS: 8.6 · CWE: CWE-94

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.0 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-20

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

CVSS: 7.1 · CWE: CWE-918

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS: 6.5 · CWE: CWE-287

View on NVD

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation…

CVSS: 9.8 · CWE: CWE-502

View on NVD

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS: 6.5 · CWE: CWE-287

View on NVD

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-94

View on NVD

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-285

View on NVD

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-89

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.4 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.8 · CWE: CWE-502

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.0 · CWE: CWE-502

View on NVD

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 · CWE: CWE-269

View on NVD

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-285

View on NVD

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 7.2 · CWE: CWE-502

View on NVD

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice a link in a browser using that scheme could be constructed with an embedded inner URL that when passed to LibreOffice could call internal macros with arbitrary argum…

CVSS: 7.8 · CWE: CWE-20

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.0 · CWE: CWE-285

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 6.3 · CWE: CWE-79

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-285

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: CWE-20

View on NVD

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS: 7.4 · CWE: CWE-502

View on NVD

Microsoft SharePoint Elevation of Privilege Vulnerability

CVSS: 8.2 · CWE: CWE-284

View on NVD

Microsoft SharePoint Information Disclosure Vulnerability

CVSS: 6.5 · CWE: CWE-611

View on NVD

Microsoft SharePoint Information Disclosure Vulnerability

CVSS: 6.5 · CWE: CWE-23

View on NVD

Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.

CVSS: 8.5 · CWE: CWE-611

View on NVD

Microsoft SharePoint Elevation of Privilege Vulnerability

CVSS: 7.8 · CWE: CWE-284

View on NVD

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be pass…

CVSS: 8.8 · CWE: CWE-95

View on NVD

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be pa…

CVSS: 8.8 · CWE: CWE-95

View on NVD

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to…

CVSS: 8.8 · CWE: CWE-95

View on NVD

Microsoft SharePoint Server Denial of Service Vulnerability

CVSS: 6.5 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-77

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-77

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS: 7.5 · CWE: CWE-918

View on NVD

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2 XSS.

CVSS: 6.1 · CWE: N/A

View on NVD

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a UNC share pathname in the path parameter.

CVSS: 5.3 · CWE: CWE-22

View on NVD

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive.

CVSS: 5.3 · CWE: CWE-200

View on NVD

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download and deletion via absolute path traversal in the path parameter.

CVSS: 9.8 · CWE: CWE-22

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: CWE-426

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS: 6.5 · CWE: CWE-611

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 6.8 · CWE: CWE-79

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: CWE-416

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 6.1 · CWE: CWE-502

View on NVD

An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions to an item on a Sharepoint site then that user would have read permissions to all content on the Sharepoint site through Elasticsearch.

CVSS: 5.3 · CWE: CWE-284

View on NVD

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS: 8.8 · CWE: CWE-73

View on NVD

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus 4161 and below, Data Security Plus 6110 and below, Eventlog Analyzer 12301 and below, Exchange Reporter Plus 5709 and below, Log360 5315 and below, Log360 UEBA 4045 and below, M365 Manager Plus 4529 a…

CVSS: 8.1 · CWE: CWE-287

View on NVD

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS: 6.5 · CWE: CWE-200

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-79

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 8.0 · CWE: CWE-79

View on NVD

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS: 6.5 · CWE: CWE-284

View on NVD

Microsoft SharePoint Server Security Feature Bypass Vulnerability

CVSS: 4.3 · CWE: CWE-200

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 8.8 · CWE: CWE-79

View on NVD

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-94

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 · CWE: CWE-502

View on NVD

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS: 6.5 · CWE: CWE-285

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 6.3 · CWE: CWE-79

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 7.3 · CWE: CWE-79

View on NVD

Microsoft SharePoint Server Denial of Service Vulnerability

CVSS: 6.5 · CWE: CWE-122

View on NVD

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS: 9.8 · CWE: CWE-303

View on NVD

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 · CWE: CWE-94

View on NVD

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS: 6.5 · CWE: CWE-918

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 6.5 · CWE: CWE-20

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 8.1 · CWE: CWE-918

View on NVD

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous file upload through the SharePoint connector.

CVSS: 9.8 · CWE: CWE-434

View on NVD

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 3.1 · CWE: CWE-601

View on NVD

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS: 8.8 · CWE: CWE-284

View on NVD