Sharepoint Server Subscription Edition CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (7 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-33110	1 Microsoft	4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more	2026-05-13	8.8 High
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-33112	1 Microsoft	4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more	2026-05-13	8.8 High
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-40368	1 Microsoft	4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more	2026-05-13	8 High
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-20945	1 Microsoft	5 Sharepoint Enterprise Server 2016, Sharepoint Server, Sharepoint Server 2016 and 2 more	2026-05-06	4.6 Medium
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE-2026-32201	1 Microsoft	4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more	2026-04-24	6.5 Medium
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-26113	1 Microsoft	14 365 Apps, Microsoft 365 Apps For Enterprise, Office and 11 more	2026-04-14	8.4 High
Untrusted pointer dereference in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-26105	1 Microsoft	4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more	2026-04-14	8.1 High
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.

Page 1 of 1.