Sharepoint Server CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (497 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-29976	1 Microsoft	3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019	2026-02-13	7.8 High
Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.
CVE-2025-49704	1 Microsoft	3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019	2026-02-13	8.8 High
Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-49701	1 Microsoft	3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019	2026-02-13	8.8 High
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-53771	1 Microsoft	6 Sharepoint Enterprise Server, Sharepoint Enterprise Server 2016, Sharepoint Enterprise Server 2019 and 3 more	2026-02-13	6.5 Medium
Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-49712	1 Microsoft	5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2010 and 2 more	2026-02-13	8.8 High
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2025-53736	1 Microsoft	20 365, 365 Apps, Office and 17 more	2026-02-13	6.8 Medium
Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
CVE-2025-53733	1 Microsoft	19 365, 365 Apps, Office and 16 more	2026-02-13	8.4 High
Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
CVE-2025-53760	1 Microsoft	4 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 1 more	2026-02-13	7.1 High
Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network.
CVE-2024-38094	1 Microsoft	1 Sharepoint Server	2026-02-10	7.2 High
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2024-32987	1 Microsoft	1 Sharepoint Server	2026-02-10	7.5 High
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2024-38024	1 Microsoft	1 Sharepoint Server	2026-02-10	7.2 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38023	1 Microsoft	1 Sharepoint Server	2026-02-10	7.2 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-30100	1 Microsoft	3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019	2025-12-17	7.8 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-36762	1 Microsoft	5 365 Apps, Office, Office Long Term Servicing Channel and 2 more	2025-10-30	7.3 High
Microsoft Word Remote Code Execution Vulnerability
CVE-2023-36764	1 Microsoft	1 Sharepoint Server	2025-10-30	8.8 High
Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2019-0604	1 Microsoft	3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server	2025-10-29	9.8 Critical
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0594.
CVE-2020-1147	2 Microsoft, Redhat	18 .net Core, .net Framework, Sharepoint Enterprise Server and 15 more	2025-10-29	7.8 High
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
CVE-2023-24955	1 Microsoft	2 Sharepoint Enterprise Server, Sharepoint Server	2025-10-28	7.2 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-29357	1 Microsoft	1 Sharepoint Server	2025-10-28	9.8 Critical
Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2023-38177	1 Microsoft	2 Sharepoint Enterprise Server, Sharepoint Server	2025-10-08	6.1 Medium
Microsoft SharePoint Server Remote Code Execution Vulnerability

« first previous Page 7 of 25. next last »