Microsoft Microsoft Sharepoint Server 2019
245 CVEs affecting Microsoft Microsoft Sharepoint Server 2019. Latest disclosed: 2026-06-01. Critical: 6, High: 161.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-1595 | Critical | 9.9 | 2020-09-11 | <p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successful… |
CVE-2020-1210 | Critical | 9.9 | 2020-09-11 | <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attack… |
CVE-2026-20963 | Critical | 9.8 | 2026-01-13 | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network. |
CVE-2025-53770 | Critical | 9.8 | 2025-07-20 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware… |
CVE-2023-29357 | Critical | 9.8 | 2023-06-13 | Microsoft SharePoint Server Elevation of Privilege Vulnerability |
CVE-2023-21716 | Critical | 9.8 | 2023-02-14 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2020-1523 | High | 8.9 | 2020-09-11 | <p>A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data. An attacker who successfully exploited this vulnera… |
CVE-2026-45659 | High | 8.8 | 2026-05-22 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-40365 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-40357 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-35439 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-33112 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-33110 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-26106 | High | 8.8 | 2026-03-10 | Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-26114 | High | 8.8 | 2026-03-10 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-20947 | High | 8.8 | 2026-01-13 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute co… |
CVE-2025-59237 | High | 8.8 | 2025-10-14 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2025-59228 | High | 8.8 | 2025-10-14 | Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2025-54897 | High | 8.8 | 2025-09-09 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2025-49712 | High | 8.8 | 2025-08-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |