Microsoft Sharepoint_server
125 CVEs affecting Microsoft Sharepoint_server. Latest disclosed: 2026-06-01. Critical: 0, High: 42.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-45659 | High | 8.8 | 2026-05-22 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-40365 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-40357 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-35439 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-33112 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-33110 | High | 8.8 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2022-21840 | High | 8.8 | 2022-01-11 | Microsoft Office Remote Code Execution Vulnerability |
CVE-2017-8569 | High | 8.8 | 2017-07-11 | Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected Shar… |
CVE-2017-8512 | High | 8.8 | 2017-06-15 | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Executio… |
CVE-2017-8509 | High | 8.8 | 2017-06-15 | A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Executio… |
CVE-2016-0183 | High | 8.8 | 2016-05-11 | The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allo… |
CVE-2013-0006 | High | 8.8 | 2013-01-09 | Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a cr… |
CVE-2026-40367 | High | 8.4 | 2026-05-12 | Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
CVE-2026-47294 | High | 8.0 | 2026-06-01 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2026-40368 | High | 8.0 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
CVE-2022-41061 | High | 7.8 | 2022-11-09 | Microsoft Word Remote Code Execution Vulnerability |
CVE-2017-8743 | High | 7.8 | 2017-09-13 | A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail… |
CVE-2017-8742 | High | 7.8 | 2017-09-13 | A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 S… |
CVE-2017-8501 | High | 7.8 | 2017-07-11 | Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka "Microsoft Office Memory Corruption Vulnera… |
CVE-2017-8513 | High | 7.8 | 2017-06-15 | A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Re… |