Total
443 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-49712 | 1 Microsoft | 1 Sharepoint Server | 2025-08-15 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-53760 | 1 Microsoft | 1 Sharepoint Server | 2025-08-15 | N/A | 7.1 HIGH |
| Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-53771 | 1 Microsoft | 1 Sharepoint Server | 2025-08-14 | N/A | 6.5 MEDIUM |
| Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-49704 | 1 Microsoft | 1 Sharepoint Server | 2025-07-30 | N/A | 8.8 HIGH |
| Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-53770 | 1 Microsoft | 1 Sharepoint Server | 2025-07-30 | N/A | 9.8 CRITICAL |
| Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation. | |||||
| CVE-2025-49706 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-30 | N/A | 6.5 MEDIUM |
| Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. | |||||
| CVE-2025-49703 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-07-16 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-49701 | 1 Microsoft | 1 Sharepoint Server | 2025-07-15 | N/A | 8.8 HIGH |
| Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-29794 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-09 | N/A | 8.8 HIGH |
| Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-29793 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-09 | N/A | 7.2 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-26642 | 1 Microsoft | 7 365 Apps, Access, Excel and 4 more | 2025-07-09 | N/A | 7.8 HIGH |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-47168 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-07-09 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-47166 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-09 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-47163 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-09 | N/A | 8.8 HIGH |
| Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-27747 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-07-09 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-27746 | 1 Microsoft | 5 365 Apps, Office, Office Long Term Servicing Channel and 2 more | 2025-07-09 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-47172 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2025-07-09 | N/A | 8.8 HIGH |
| Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | |||||
| CVE-2025-47169 | 1 Microsoft | 6 365 Apps, Office, Office Long Term Servicing Channel and 3 more | 2025-07-09 | N/A | 7.8 HIGH |
| Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. | |||||
| CVE-2025-29976 | 1 Microsoft | 1 Sharepoint Server | 2025-06-23 | N/A | 7.8 HIGH |
| Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2019-1036 | 1 Microsoft | 4 Project Server, Sharepoint Enterprise Server, Sharepoint Foundation and 1 more | 2025-05-20 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as change permissions and delete content, and inject malicious content in the browser of the user. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests. | |||||