Microsoft Microsoft Sharepoint Server Subscription Edition
120 CVEs affecting Microsoft Microsoft Sharepoint Server Subscription Edition. Latest disclosed: 2026-06-01. Critical: 3, High: 88.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-20963 | Critical | 9.8 | 2026-01-13 | Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network. |
CVE-2025-53770 | Critical | 9.8 | 2025-07-20 | Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware… |
CVE-2023-21716 | Critical | 9.8 | 2023-02-14 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2026-45659 | High | 8.8 | 2026-05-22 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-40365 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-40357 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-35439 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-33112 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-33110 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-26106 | High | 8.8 | 2026-03-10 | Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-20947 | High | 8.8 | 2026-01-13 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute co… |
CVE-2025-64672 | High | 8.8 | 2025-12-09 | Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform sp… |
CVE-2025-59237 | High | 8.8 | 2025-10-14 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2025-59228 | High | 8.8 | 2025-10-14 | Improper input validation in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2025-54897 | High | 8.8 | 2025-09-09 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2025-49701 | High | 8.8 | 2025-07-08 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2025-47172 | High | 8.8 | 2025-06-10 | Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute co… |
CVE-2025-47166 | High | 8.8 | 2025-06-10 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2025-47163 | High | 8.8 | 2025-06-10 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2025-29794 | High | 8.8 | 2025-04-08 | Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |