Microsoft SharePoint Enterprise Server vulnerabilities

256 known vulnerabilities affecting microsoft/sharepoint_enterprise_server.

Total CVEs: 256
CISA KEV: 5 (actively exploited)
Public exploits: 6
Exploited in wild: 6
Severity breakdown: CRITICAL 3, HIGH 120, MEDIUM 129, LOW 4

Vulnerabilities

Page 1 of 13
CVE-2025-54905 | HIGH | CVSS 7.1 | v2016 | 2025-09-09
CVE-2025-54905 [HIGH] CWE-822: Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
nvd
CVE-2025-53733 | HIGH | CVSS 8.4 | v2016 | 2025-08-12
CVE-2025-53733 [HIGH] CWE-681: Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally.
nvd
CVE-2025-53736 | MEDIUM | CVSS 6.2 | v2016 | 2025-08-12
CVE-2025-53736 [MEDIUM] CWE-126: Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
nvd
CVE-2025-47994 | HIGH | CVSS 8.6 | v2016 | 2025-07-08
CVE-2025-47994 [HIGH] CWE-502: Deserialization of untrusted data in Microsoft Office allows an unauthorized attacker to elevate privileges locally.
nvd
CVE-2025-49706 | MEDIUM | CVSS 6.5 | KEV | PoC | v2016 | 2025-07-08
CVE-2025-49706 [MEDIUM] CWE-287: Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
nvd
CVE-2025-47169 | HIGH | CVSS 7.8 | v2016 | 2025-06-10
CVE-2025-47169 [HIGH] CWE-122: Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
nvd
CVE-2025-47163 | HIGH | CVSS 8.8 | v2016 | 2025-06-10
CVE-2025-47163 [HIGH] CWE-502: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
nvd
CVE-2025-47166 | HIGH | CVSS 8.8 | PoC | v2016 | 2025-06-10
CVE-2025-47166 [HIGH] CWE-502: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
nvd
CVE-2025-47168 | HIGH | CVSS 7.8 | v2016 | 2025-06-10
CVE-2025-47168 [HIGH] CWE-416: Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
nvd
CVE-2025-47172 | HIGH | CVSS 8.8 | v2016 | 2025-06-10
CVE-2025-47172 [HIGH] CWE-89: Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
nvd
CVE-2025-27747 | HIGH | CVSS 7.8 | v2016 | 2025-04-08
CVE-2025-27747 [HIGH] CWE-822: Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
nvd
CVE-2025-29793 | HIGH | CVSS 7.2 | v2016 | 2025-04-08
CVE-2025-29793 [HIGH] CWE-502: Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
nvd
CVE-2025-29820 | HIGH | CVSS 7.8 | v2016 | 2025-04-08
CVE-2025-29820 [HIGH] CWE-416: Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
nvd
CVE-2025-29794 | HIGH | CVSS 8.8 | v2016 | 2025-04-08
CVE-2025-29794 [HIGH] CWE-285: Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
nvd
CVE-2023-38177 | MEDIUM | CVSS 6.8 | v2016 | 2023-11-14
CVE-2023-38177 [MEDIUM] CWE-502: Microsoft SharePoint Server Remote Code Execution Vulnerability
nvd
CVE-2023-24955 | HIGH | CVSS 7.2 | KEV | PoC | v2016 | 2023-05-09
CVE-2023-24955 [HIGH] CWE-94: Microsoft SharePoint Server Remote Code Execution Vulnerability
nvd
CVE-2023-24954 | MEDIUM | CVSS 6.5 | v2016 | 2023-05-09
CVE-2023-24954 [MEDIUM] CWE-918: Microsoft SharePoint Server Information Disclosure Vulnerability
nvd
CVE-2023-24950 | MEDIUM | CVSS 6.5 | v2016 | 2023-05-09
CVE-2023-24950 [MEDIUM] CWE-20: Microsoft SharePoint Server Spoofing Vulnerability
nvd
CVE-2023-21716 | CRITICAL | CVSS 9.8 | Exploited | v2013, v2016 | 2023-02-14
CVE-2023-21716 [CRITICAL] CWE-190: Microsoft Word Remote Code Execution Vulnerability
nvd
CVE-2023-21717 | HIGH | CVSS 8.8 | v2013, v2016 | 2023-02-14
CVE-2023-21717 [HIGH] CWE-284: Microsoft SharePoint Server Elevation of Privilege Vulnerability
nvd