CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0CVE-2025-49712 – Microsoft SharePoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49712
12 Aug 2025 — Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49712 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-53736 – Microsoft Word Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-53736
12 Aug 2025 — Buffer over-read in Microsoft Office Word allows an unauthorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53736 • CWE-126: Buffer Over-read •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2025-53733 – Microsoft Word Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-53733
12 Aug 2025 — Incorrect conversion between numeric types in Microsoft Office Word allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53733 • CWE-681: Incorrect Conversion between Numeric Types •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-53760 – Microsoft SharePoint Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-53760
12 Aug 2025 — Server-side request forgery (ssrf) in Microsoft Office SharePoint allows an authorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53760 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 5%CPEs: 3EXPL: 2CVE-2025-53771 – Microsoft SharePoint Server Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-53771
20 Jul 2025 — Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within ... • https://packetstorm.news/files/id/207412 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-287: Improper Authentication CWE-707: Improper Neutralization •
CVSS: 10.0EPSS: 87%CPEs: 3EXPL: 35CVE-2025-53770 – Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
https://notcve.org/view.php?id=CVE-2025-53770
20 Jul 2025 — Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation. This vulnerability allows remote attackers to execute ar... • https://packetstorm.news/files/id/207412 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-49703 – Microsoft Word Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49703
08 Jul 2025 — Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49703 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-49701 – Microsoft SharePoint Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-49701
08 Jul 2025 — Improper authorization in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49701 • CWE-285: Improper Authorization •
CVSS: 9.0EPSS: 62%CPEs: 2EXPL: 1CVE-2025-49704 – Microsoft SharePoint Code Injection Vulnerability
https://notcve.org/view.php?id=CVE-2025-49704
08 Jul 2025 — Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint Server. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the DataSetSurrogateSelector class. The issue results from the lack of proper va... • https://packetstorm.news/files/id/207935 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 15%CPEs: 3EXPL: 2CVE-2025-49706 – Microsoft SharePoint Improper Authentication Vulnerability
https://notcve.org/view.php?id=CVE-2025-49706
08 Jul 2025 — Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. Improper authentication in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network. This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Referer HTTP header provided to the... • https://packetstorm.news/files/id/207935 • CWE-287: Improper Authentication •