CVE Daily
← All tags

Tag: Microsoft SharePoint

All CVEs associated with "Microsoft SharePoint". Page 1/5 • 536 CVEs.

About “Microsoft SharePoint”

A curated feed of “Microsoft SharePoint”-related CVEs appears below. We currently track 536 CVEs for this tag (all time). In the last 365 days, 36 were published. Average CVSS is 7.0 (all time; 8.2 over 365d), and 55% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-502 - Deserialization of Untrusted Data, CWE-20 - Improper Input Validation, CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

In our taxonomy this topic maps to a MODERATE impact class. Identity providers govern authentication across the estate. Upgrade, enforce phishing resistant MFA, review audit logs, rotate admin keys, and tighten policies. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: sharepoint

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestPremier SupportEOLLTS
subscription16.0.19725.20280Unavailable-
201916.0.10417.20128 Soon
201616.0.5552.1002 Soon
201315.0.5545.1000 Expired
201014.0.7268.5000 Expired
200712.0.6690.5000 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS  ·  RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Microsoft SharePoint”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-06-01
High

CVE-2026-47294

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.0 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2026-05-22
High

CVE-2026-45659

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2026-05-12
High

CVE-2026-40368

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2026-40365

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-1220 - Insufficient Granularity of Access Control View on NVD
High

CVE-2026-40357

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2026-35439

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2026-33112

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2026-33110

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2026-04-14
Medium

CVE-2026-32201

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2026-20945

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVSS: 4.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2026-03-10
High

CVE-2026-26114

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2026-26106

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2026-26105

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS: 8.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2026-01-13
Critical

CVE-2026-20963

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2026-20959

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVSS: 4.6 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2026-20958

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to disclose information over a network.

CVSS: 5.4 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2026-20951

Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2026-20947

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2025-12-09
High

CVE-2025-64672

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

CVSS: 8.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-11-20
Critical

CVE-2025-59245

Microsoft SharePoint Online Elevation of Privilege Vulnerability

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2025-11-19
High

CVE-2025-10703

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Re…

CVSS: 8.6 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-10702

Improper Control of Generation of Code ('Code Injection') vulnerability in Progress DataDirect Connect for JDBC drivers, Progress DataDirect Open Access JDBC driver and Hybrid Data Pipeline allows Re…

CVSS: 8.6 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
2025-11-11
High

CVE-2025-62204

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2025-10-14
High

CVE-2025-59237

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-59228

Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
2025-09-09
High

CVE-2025-54897

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2025-08-12
High

CVE-2025-53760

Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.

CVSS: 7.1 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
High

CVE-2025-49712

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2025-07-20
Medium

CVE-2025-53771

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS: 6.5 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2025-53770

Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exis…

CVSS: 9.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2025-07-08
Medium

CVE-2025-49706

Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

CVSS: 6.5 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2025-49704

Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2025-49701

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-285 - Improper Authorization View on NVD
2025-06-10
High

CVE-2025-47172

Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2025-47166

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-47163

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2025-05-13
High

CVE-2025-30384

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.4 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-30382

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-30378

Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.

CVSS: 7.0 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2025-29976

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2025-04-08
High

CVE-2025-29794

Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 8.8 CWE: CWE-285 - Improper Authorization View on NVD
High

CVE-2025-29793

Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

CVSS: 7.2 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2025-03-04
High

CVE-2025-1080

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In th…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2025-02-11
High

CVE-2025-21400

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.0 CWE: CWE-285 - Improper Authorization View on NVD
2025-01-14
Medium

CVE-2025-21393

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 6.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2025-21348

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-285 - Improper Authorization View on NVD
High

CVE-2025-21344

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2024-12-12
High

CVE-2024-49070

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS: 7.4 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-49068

Microsoft SharePoint Elevation of Privilege Vulnerability

CVSS: 8.2 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2024-49064

Microsoft SharePoint Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
Medium

CVE-2024-49062

Microsoft SharePoint Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-23 - Relative Path Traversal View on NVD
2024-11-08
High

CVE-2024-10839

Zohocorp ManageEngine SharePoint Manager Plus versions 4503 and prior are vulnerable to authenticated XML External Entity (XXE) in the Management option.

CVSS: 8.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2024-10-08
High

CVE-2024-43503

Microsoft SharePoint Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
2024-09-12
High

CVE-2024-45851

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases crea…

CVSS: 8.8 CWE: CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') View on NVD
High

CVE-2024-45850

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases crea…

CVSS: 8.8 CWE: CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') View on NVD
High

CVE-2024-45849

An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases crea…

CVSS: 8.8 CWE: CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') View on NVD
2024-09-10
Medium

CVE-2024-43466

Microsoft SharePoint Server Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-43464

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-38228

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2024-38227

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2024-38018

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2024-07-09
High

CVE-2024-38094

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-38024

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-38023

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2024-32987

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS: 7.5 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2024-06-25
Medium

CVE-2024-34400

An issue was discovered in VirtoSoftware Virto Kanban Board Web Part before 5.3.5.1 for SharePoint 2019. There is /_layouts/15/Virto.KanbanTaskManager/api/KanbanData.ashx LinkTitle2 XSS.

CVSS: 6.1 CWE: N/A View on NVD
2024-06-24
Medium

CVE-2024-33881

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows an NTLMv2 hash leak via a…

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-33880

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. It discloses full pathnames via Virto.SharePoint.FileDownloader/Api/Download.ashx?action=archive.

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Critical

CVE-2024-33879

An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The Virto.SharePoint.FileDownloader/Api/Download.ashx isCompleted method allows arbitrary file download a…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2024-06-11
High

CVE-2024-30100

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
2024-05-14
High

CVE-2024-30044

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2024-30043

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-611 - Improper Restriction of XML External Entity Reference View on NVD
2024-04-09
Medium

CVE-2024-26251

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2024-03-12
High

CVE-2024-21426

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2024-01-09
High

CVE-2024-21318

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2023-11-14
Medium

CVE-2023-38177

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 6.1 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2023-10-26
Medium

CVE-2023-46666

An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. If a user is assigned limited access permissions t…

CVSS: 5.3 CWE: CWE-284 - Improper Access Control View on NVD
2023-09-12
High

CVE-2023-36764

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-73 - External Control of File Name or Path View on NVD
2023-08-28
High

CVE-2023-35785

Zoho ManageEngine Active Directory 360 versions 4315 and below, ADAudit Plus 7202 and below, ADManager Plus 7200 and below, Asset Explorer 6993 and below and 7xxx 7002 and below, Cloud Security Plus…

CVSS: 8.1 CWE: CWE-287 - Improper Authentication View on NVD
2023-08-08
Medium

CVE-2023-36894

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2023-36892

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 8.0 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2023-36891

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 8.0 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2023-36890

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2023-07-11
Medium

CVE-2023-33165

Microsoft SharePoint Server Security Feature Bypass Vulnerability

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2023-33160

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-33159

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 8.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2023-33157

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2023-33134

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
2023-06-14
Medium

CVE-2023-33142

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS: 6.5 CWE: CWE-285 - Improper Authorization View on NVD
Medium

CVE-2023-33132

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 6.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2023-33130

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 7.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2023-33129

Microsoft SharePoint Server Denial of Service Vulnerability

CVSS: 6.5 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Critical

CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS: 9.8 CWE: CWE-303 - Incorrect Implementation of Authentication Algorithm View on NVD
2023-05-09
High

CVE-2023-24955

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 7.2 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Medium

CVE-2023-24954

Microsoft SharePoint Server Information Disclosure Vulnerability

CVSS: 6.5 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
Medium

CVE-2023-24950

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
2023-04-11
High

CVE-2023-28288

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 8.1 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2023-04-10
Critical

CVE-2023-29375

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. There is potentially dangerous fi…

CVSS: 9.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
2023-03-14
Low

CVE-2023-23395

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 3.1 CWE: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect') View on NVD
2023-02-14
High

CVE-2023-21717

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
2023-01-10
High

CVE-2023-21744

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
Medium

CVE-2023-21743

Microsoft SharePoint Server Security Feature Bypass Vulnerability

CVSS: 5.3 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2023-21742

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
2022-12-13
High

CVE-2022-44693

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-44690

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
2022-12-07
Medium

CVE-2022-45910

Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows a…

CVSS: 5.3 CWE: CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') View on NVD
2022-11-14
Medium

CVE-2022-38167

The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS.

CVSS: 6.1 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2022-11-09
Medium

CVE-2022-41122

Microsoft SharePoint Server Spoofing Vulnerability

CVSS: 6.5 CWE: N/A View on NVD
High

CVE-2022-41062

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
2022-10-27
Medium

CVE-2022-39364

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server prior to versions 23.0.9 and 24.0.5 and Nextcloud Enterprise Server prior to versi…

CVSS: 4.0 CWE: CWE-312 - Cleartext Storage of Sensitive Information View on NVD
2022-10-11
Medium

CVE-2022-3140

LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In th…

CVSS: 6.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2022-41038

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-41037

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-41036

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-38053

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
2022-09-13
High

CVE-2022-38009

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-38008

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-37961

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2022-35823

Microsoft SharePoint Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
2022-06-15
High

CVE-2022-30158

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: N/A View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox