Microsoft Sharepoint Server
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Sharepoint Server.
Recent Microsoft Sharepoint Server Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2025-49706 | CVE-2025-49706 Microsoft SharePoint Server Spoofing Vulnerability | July 8, 2025 |
| CVE-2025-47172 | CVE-2025-47172 Microsoft SharePoint Server Remote Code Execution Vulnerability | June 10, 2025 |
| CVE-2025-47166 | CVE-2025-47166 Microsoft SharePoint Server Remote Code Execution Vulnerability | June 10, 2025 |
| CVE-2025-47163 | CVE-2025-47163 Microsoft SharePoint Server Remote Code Execution Vulnerability | June 10, 2025 |
| CVE-2025-30384 | CVE-2025-30384 Microsoft SharePoint Server Remote Code Execution Vulnerability | May 13, 2025 |
| CVE-2025-30382 | CVE-2025-30382 Microsoft SharePoint Server Remote Code Execution Vulnerability | May 13, 2025 |
| CVE-2025-30378 | CVE-2025-30378 Microsoft SharePoint Server Remote Code Execution Vulnerability | May 13, 2025 |
| CVE-2025-29976 | CVE-2025-29976 Microsoft SharePoint Server Elevation of Privilege Vulnerability | May 13, 2025 |
| CVE-2025-21400 | CVE-2025-21400 Microsoft SharePoint Server Remote Code Execution Vulnerability | February 11, 2025 |
| CVE-2025-21393 | CVE-2025-21393 Microsoft SharePoint Server Spoofing Vulnerability | January 14, 2025 |
By the Year
In 2025 there have been 19 vulnerabilities in Microsoft Sharepoint Server with an average score of 7.8 out of ten. Last year, in 2024 Sharepoint Server had 21 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Sharepoint Server in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.60.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 19 | 7.79 |
| 2024 | 21 | 7.20 |
| 2023 | 27 | 7.55 |
| 2022 | 29 | 7.76 |
| 2021 | 53 | 7.09 |
| 2020 | 121 | 6.72 |
| 2019 | 47 | 6.64 |
| 2018 | 55 | 6.86 |
It may take a day or so for new Sharepoint Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Sharepoint Server Security Vulnerabilities
Deserialization of untrusted data in Microsoft Office SharePoint
CVE-2025-47163
8.8 - High
- June 10, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
Deserialization of untrusted data in Microsoft Office SharePoint
CVE-2025-47166
8.8 - High
- June 10, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
Use after free in Microsoft Office Word
CVE-2025-47168
7.8 - High
- June 10, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Heap-based buffer overflow in Microsoft Office Word
CVE-2025-47169
7.8 - High
- June 10, 2025
Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint
CVE-2025-47172
8.8 - High
- June 10, 2025
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
SQL Injection
Deserialization of untrusted data in Microsoft Office SharePoint
CVE-2025-30384
7 - High
- May 13, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
Marshaling, Unmarshaling
Deserialization of untrusted data in Microsoft Office SharePoint
CVE-2025-30382
7.8 - High
- May 13, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
Marshaling, Unmarshaling
Deserialization of untrusted data in Microsoft Office SharePoint
CVE-2025-30378
7 - High
- May 13, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code locally.
Marshaling, Unmarshaling
Improper privilege management in Microsoft Office SharePoint
CVE-2025-29976
7.8 - High
- May 13, 2025
Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally.
Improper Privilege Management
Use after free in Microsoft Office
CVE-2025-27746
7.8 - High
- April 08, 2025
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Dangling pointer
Use after free in Microsoft Office Word
CVE-2025-27747
7.8 - High
- April 08, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Untrusted Pointer Dereference
Deserialization of untrusted data in Microsoft Office SharePoint
CVE-2025-29793
7.2 - High
- April 08, 2025
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
Marshaling, Unmarshaling
Improper authorization in Microsoft Office SharePoint
CVE-2025-29794
8.8 - High
- April 08, 2025
Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
AuthZ
Use after free in Microsoft Office Word
CVE-2025-29820
7.8 - High
- April 08, 2025
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
Dangling pointer
Out-of-bounds read in Microsoft Office
CVE-2025-26642
7.8 - High
- April 08, 2025
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
Out-of-bounds Read
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21400
8 - High
- February 11, 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
AuthZ
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21344
7.8 - High
- January 14, 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
Improper Input Validation
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2025-21348
7.2 - High
- January 14, 2025
Microsoft SharePoint Server Remote Code Execution Vulnerability
AuthZ
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2025-21393
6.3 - Medium
- January 14, 2025
Microsoft SharePoint Server Spoofing Vulnerability
XSS
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2024-49068
8.2 - High
- December 12, 2024
Microsoft SharePoint Elevation of Privilege Vulnerability
Authorization
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2024-49070
7.4 - High
- December 12, 2024
Microsoft SharePoint Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-49065
5.5 - Medium
- December 12, 2024
Microsoft Office Remote Code Execution Vulnerability
Out-of-bounds Read
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2024-49064
6.5 - Medium
- December 12, 2024
Microsoft SharePoint Information Disclosure Vulnerability
XXE
Microsoft SharePoint Information Disclosure Vulnerability
CVE-2024-49062
6.5 - Medium
- December 12, 2024
Microsoft SharePoint Information Disclosure Vulnerability
Relative Path Traversal
Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2024-43503
7.8 - High
- October 08, 2024
Microsoft SharePoint Elevation of Privilege Vulnerability
Authorization
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38018
8.8 - High
- September 10, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38227
7.2 - High
- September 10, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Command Injection
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38228
7.2 - High
- September 10, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Command Injection
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-43464
7.2 - High
- September 10, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Microsoft SharePoint Server Denial of Service Vulnerability
CVE-2024-43466
7.5 - High
- September 10, 2024
Microsoft SharePoint Server Denial of Service Vulnerability
Marshaling, Unmarshaling
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38024
7.2 - High
- July 09, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-38023
7.2 - High
- July 09, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2024-38094
7.2 - High
- July 09, 2024
Microsoft SharePoint Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2024-32987
7.5 - High
- July 09, 2024
Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-30100
7.8 - High
- June 11, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-30044
7.2 - High
- May 14, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Marshaling, Unmarshaling
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2024-30043
7.5 - High
- May 14, 2024
Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2024-26251
3.1 - Low
- April 09, 2024
Microsoft SharePoint Server Spoofing Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-21426
7.8 - High
- March 12, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2024-21318
8.8 - High
- January 09, 2024
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-38177
6.8 - Medium
- November 14, 2023
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Elevation of Privilege Vulnerability
CVE-2023-36764
8.8 - High
- September 12, 2023
Microsoft SharePoint Server Elevation of Privilege Vulnerability
Microsoft Word Remote Code Execution Vulnerability
CVE-2023-36762
7.3 - High
- September 12, 2023
Microsoft Word Remote Code Execution Vulnerability
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2023-36890
6.5 - Medium
- August 08, 2023
Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-36891
8 - High
- August 08, 2023
Microsoft SharePoint Server Spoofing Vulnerability
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-36892
8 - High
- August 08, 2023
Microsoft SharePoint Server Spoofing Vulnerability
Microsoft SharePoint Server Information Disclosure Vulnerability
CVE-2023-36894
6.5 - Medium
- August 08, 2023
Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2023-33159
8.8 - High
- July 11, 2023
Microsoft SharePoint Server Spoofing Vulnerability
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2023-33160
8.8 - High
- July 11, 2023
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft SharePoint Server Security Feature Bypass Vulnerability
CVE-2023-33165
7.5 - High
- July 11, 2023
Microsoft SharePoint Server Security Feature Bypass Vulnerability
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Sharepoint Server or by Microsoft? Click the Watch button to subscribe.
