Sharepoint vulnerabilities
- CVE-2025-53770 Published Jul 20, 2025
critical 9.8
Exploit known
ToolShellMicrosoft SharePointDeserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation.
- CVE-2025-49706 Published Jul 8, 2025
medium 6.5
Exploit known
Microsoft Office SharePointToolShellImproper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
- CVE-2025-49701 Published Jul 8, 2025
high 8.8
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-49703 Published Jul 8, 2025
high 7.8
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-49704 Published Jul 8, 2025
high 8.8
Exploit known
ToolShellMicrosoft Office SharePointImproper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-47172 Published Jun 10, 2025
high 8.8
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-47169 Published Jun 10, 2025
high 7.8
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-47168 Published Jun 10, 2025
high 7.8
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-47166 Published Jun 10, 2025
high 8.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-47163 Published Jun 10, 2025
high 8.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-30384 Published May 13, 2025
high 7.4
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
- CVE-2025-30382 Published May 13, 2025
high 7.8
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
- CVE-2025-30378 Published May 13, 2025
high 7.0
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
- CVE-2025-29976 Published May 13, 2025
high 7.8
Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.
- CVE-2025-29794 Published Apr 8, 2025
high 8.8
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-29793 Published Apr 8, 2025
high 7.2
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
- CVE-2025-27747 Published Apr 8, 2025
high 7.8
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
- CVE-2025-27746 Published Apr 8, 2025
high 7.8
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2025-26642 Published Apr 8, 2025
high 7.8
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
- CVE-2025-21400 Published Feb 11, 2025
high 8.0
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2025-21393 Published Jan 14, 2025
medium 6.3
Microsoft SharePoint Server Spoofing Vulnerability
- CVE-2025-21348 Published Jan 14, 2025
high 7.2
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2025-21344 Published Jan 14, 2025
high 7.8
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-49070 Published Dec 12, 2024
high 7.4
Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2024-49068 Published Dec 12, 2024
high 8.2
Microsoft SharePoint Elevation of Privilege Vulnerability
- CVE-2024-49065 Published Dec 12, 2024
medium 5.5
Microsoft Office Remote Code Execution Vulnerability
- CVE-2024-49064 Published Dec 12, 2024
medium 6.5
Microsoft SharePoint Information Disclosure Vulnerability
- CVE-2024-49062 Published Dec 12, 2024
medium 6.5
Microsoft SharePoint Information Disclosure Vulnerability
- CVE-2024-43503 Published Oct 8, 2024
high 7.8
Microsoft SharePoint Elevation of Privilege Vulnerability
- CVE-2024-43466 Published Sep 10, 2024
high 7.5
Microsoft SharePoint Server Denial of Service Vulnerability
- CVE-2024-43464 Published Sep 10, 2024
high 7.2
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-38228 Published Sep 10, 2024
high 7.2
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-38227 Published Sep 10, 2024
high 7.2
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-38018 Published Sep 10, 2024
high 8.8
Microsoft Sharepoint ServerMicrosoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-38094 Published Jul 9, 2024
high 7.2
Exploit known
Microsoft SharePoint Remote Code Execution Vulnerability
- CVE-2024-38024 Published Jul 9, 2024
high 7.2
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-38023 Published Jul 9, 2024
high 7.2
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-32987 Published Jul 9, 2024
high 7.5
Microsoft SharePoint Server Information Disclosure Vulnerability
- CVE-2024-30100 Published Jun 11, 2024
high 7.8
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-30044 Published May 14, 2024
high 7.2
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-30043 Published May 14, 2024
medium 6.5
Microsoft SharePoint Server Information Disclosure Vulnerability
- CVE-2024-26251 Published Apr 9, 2024
medium 6.8
Microsoft SharePoint Server Spoofing Vulnerability
- CVE-2024-21426 Published Mar 12, 2024
high 7.8
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CVE-2024-21318 Published Jan 9, 2024
high 8.8
Microsoft SharePoint Server Remote Code Execution Vulnerability