Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sharepoint_enterprise_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 253 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-04-08 | CVE-2025-29793 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | Sharepoint_enterprise_server, Sharepoint_server | 7.2 | ||
| 2025-04-08 | CVE-2025-29794 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | Sharepoint_enterprise_server, Sharepoint_server | 8.8 | ||
| 2025-06-10 | CVE-2025-47163 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | Sharepoint_enterprise_server, Sharepoint_server | 8.8 | ||
| 2025-06-10 | CVE-2025-47166 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | Sharepoint_enterprise_server, Sharepoint_server | 8.8 | ||
| 2025-06-10 | CVE-2025-47168 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 365_apps, Office, Office_long_term_servicing_channel, Sharepoint_enterprise_server, Sharepoint_server, Word | N/A | ||
| 2025-06-10 | CVE-2025-47169 | Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 365_apps, Office, Office_long_term_servicing_channel, Sharepoint_enterprise_server, Sharepoint_server, Word | N/A | ||
| 2025-06-10 | CVE-2025-47172 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | Sharepoint_enterprise_server, Sharepoint_server | 8.8 | ||
| 2025-04-08 | CVE-2025-29820 | Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | 365_apps, Office, Office_long_term_servicing_channel, Sharepoint_enterprise_server | N/A | ||
| 2019-06-12 | CVE-2019-1031 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The... | Project_server, Sharepoint_enterprise_server, Sharepoint_foundation, Sharepoint_server | 5.4 | ||
| 2019-06-12 | CVE-2019-1032 | A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server. The attacker who successfully exploited the vulnerability could then perform cross-site scripting attacks on affected systems and run script in the security context of the current user. The... | Sharepoint_enterprise_server, Sharepoint_server | 5.4 |