Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-40412

Summary
Assigner-microsoft
Assigner Org ID-f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At-22 May, 2026 | 22:03
Updated At-22 May, 2026 | 22:03
Rejected At-
Credits

Azure Orbital Spatio Remote Code Execution Vulnerability

Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:microsoft
Assigner Org ID:f38d906d-7342-40ea-92c1-6c4a2c6478c8
Published At:22 May, 2026 | 22:03
Updated At:22 May, 2026 | 22:03
Rejected At:
â–¼CVE Numbering Authority (CNA)
Azure Orbital Spatio Remote Code Execution Vulnerability

Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network.

Affected Products
Vendor
Microsoft CorporationMicrosoft
Product
Azure Orbital Spatio
Versions
Affected
  • -
Problem Types
TypeCWE IDDescription
CWECWE-434CWE-434: Unrestricted Upload of File with Dangerous Type
Type: CWE
CWE ID: CWE-434
Description: CWE-434: Unrestricted Upload of File with Dangerous Type
Metrics
VersionBase scoreBase severityVector
3.110.0CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Version: 3.1
Base score: 10.0
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40412
vendor-advisory
patch
Hyperlink: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40412
Resource:
vendor-advisory
patch
Information is not available yet

Similar CVEs

35Records found
CVE-2026-42901
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-Not Assigned
Published-22 May, 2026 | 22:04
Updated-23 May, 2026 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Entra ID Elevation of Privilege Vulnerability

Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft Entra
CWE ID-CWE-346
Origin Validation Error
CVE-2022-37968
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-2.51% / 85.59%
||
7 Day CHG-1.16%
Published-11 Oct, 2022 | 00:00
Updated-02 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability

Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_stack_edgeazure_arc-enabled_kubernetesAzure Arc-enabled Kubernetes cluster 1.5.8Azure Stack EdgeAzure Arc-enabled Kubernetes cluster 1.8.11Azure Arc-enabled Kubernetes cluster 1.7.18Azure Arc-enabled Kubernetes cluster 1.6.19
CVE-2026-42822
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.10% / 26.74%
||
7 Day CHG~0.00%
Published-18 May, 2026 | 17:03
Updated-22 May, 2026 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability

Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_resource_managerazure_localAzure Local
CWE ID-CWE-287
Improper Authentication
CVE-2026-23652
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-Not Assigned
Published-22 May, 2026 | 22:03
Updated-22 May, 2026 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Power Pages Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft Power Pages
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2026-41104
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-Not Assigned
Published-22 May, 2026 | 22:04
Updated-22 May, 2026 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Planetary Computer Pro Information Disclosure Vulnerability

Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Microsoft Planetary Computer Pro (GeoCatalog)
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-47280
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-Not Assigned
Published-22 May, 2026 | 22:03
Updated-22 May, 2026 | 22:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Resource Manager Elevation of Privilege Vulnerability

Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-Azure Resource Manager
CWE ID-CWE-287
Improper Authentication
CVE-2026-42826
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.11% / 29.79%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 20:59
Updated-22 May, 2026 | 22:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure DevOps Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_devopsAzure DevOps
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2026-35431
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.09% / 25.92%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 21:37
Updated-12 May, 2026 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Entra ID Entitlement Management Spoofing Vulnerability

Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-entra_idMicrosoft Entra
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-33819
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.39% / 60.34%
||
7 Day CHG~0.00%
Published-23 Apr, 2026 | 21:35
Updated-12 May, 2026 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Bing Remote Code Execution Vulnerability

Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-bingMicrosoft Bing
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2026-32213
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.06% / 19.15%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 23:26
Updated-12 May, 2026 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure AI Foundry Elevation of Privilege Vulnerability

Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_ai_foundryAzure AI Foundry
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-33107
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.06% / 19.15%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 23:26
Updated-12 May, 2026 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Databricks Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_databricksAzure Databricks
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-32169
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.10% / 27.80%
||
7 Day CHG~0.00%
Published-19 Mar, 2026 | 21:06
Updated-14 Apr, 2026 | 17:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Cloud Shell Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_cloud_shellAzure Cloud Shell
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-33105
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.06% / 19.15%
||
7 Day CHG~0.00%
Published-02 Apr, 2026 | 23:26
Updated-12 May, 2026 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_kubernetes_serviceAzure Kubernetes Service
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-32186
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.06% / 19.15%
||
7 Day CHG~0.00%
Published-03 Apr, 2026 | 17:22
Updated-12 May, 2026 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Bing Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-bingMicrosoft Bing
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-65037
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.05% / 16.49%
||
7 Day CHG-0.05%
Published-18 Dec, 2025 | 22:02
Updated-16 Apr, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Container Apps Remote Code Execution Vulnerability

Improper control of generation of code ('code injection') in Azure Container Apps allows an unauthorized attacker to execute code over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_container_appsAzure Container Apps
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2021-42313
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-3.17% / 87.10%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:14
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for IoT Remote Code Execution Vulnerability

Microsoft Defender for IoT Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_iotMicrosoft Defender for IoT
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-42311
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-2.66% / 85.96%
||
7 Day CHG~0.00%
Published-15 Dec, 2021 | 14:14
Updated-04 Aug, 2024 | 03:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Defender for IoT Remote Code Execution Vulnerability

Microsoft Defender for IoT Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-defender_for_iotMicrosoft Defender for IoT
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-54914
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.42% / 61.94%
||
7 Day CHG+0.08%
Published-04 Sep, 2025 | 23:09
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Networking Elevation of Privilege Vulnerability

Azure Networking Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_networkingNetworking
CWE ID-CWE-284
Improper Access Control
CVE-2025-55241
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.28% / 51.34%
||
7 Day CHG+0.11%
Published-04 Sep, 2025 | 23:09
Updated-26 Feb, 2026 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Entra ID Elevation of Privilege Vulnerability

Azure Entra ID Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-entra_idMicrosoft Entra
CWE ID-CWE-287
Improper Authentication
CVE-2025-59503
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-10||CRITICAL
EPSS-0.20% / 41.39%
||
7 Day CHG~0.00%
Published-23 Oct, 2025 | 21:18
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Compute Resource Provider Elevation of Privilege Vulnerability

Server-side request forgery (ssrf) in Azure Compute Gallery allows an unauthorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_compute_resource_providerAzure Compute Resource Provider
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2022-30216
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-59.58% / 98.28%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 22:37
Updated-08 Jul, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Server Service Tampering Vulnerability

Windows Server Service Tampering Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_11windows_server_2022windows_10Windows Server 2022Windows 10 Version 21H2Windows Server version 20H2Windows 10 Version 20H2Windows 11 version 21H2Windows 10 Version 21H1
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0929
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.66% / 95.67%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-1023
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.66% / 95.67%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:52
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-1024
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.66% / 95.67%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:52
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0974
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.66% / 95.67%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise Server
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0920
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.66% / 95.67%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0971
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-22.50% / 95.92%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0932, CVE-2020-0974.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0931
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-20.66% / 95.67%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0932, CVE-2020-0971, CVE-2020-0974.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serverbusiness_productivity_serverssharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft Business Productivity ServersMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-0932
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-29.20% / 96.66%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:12
Updated-04 Aug, 2024 | 06:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0920, CVE-2020-0929, CVE-2020-0931, CVE-2020-0971, CVE-2020-0974.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-21536
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.70% / 82.51%
||
7 Day CHG~0.00%
Published-05 Mar, 2026 | 22:18
Updated-14 Apr, 2026 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Devices Pricing Program Remote Code Execution Vulnerability

Microsoft Devices Pricing Program Remote Code Execution Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-devices_pricing_programMicrosoft Devices Pricing Program
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-1469
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-6.19% / 90.95%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-bondBond 9.0.1
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2021-31207
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.6||MEDIUM
EPSS-93.84% / 99.87%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-30 Oct, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
Microsoft Exchange Server Security Feature Bypass Vulnerability

Microsoft Exchange Server Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 9Microsoft Exchange Server 2019 Cumulative Update 8Microsoft Exchange Server 2013 Cumulative Update 23Microsoft Exchange Server 2016 Cumulative Update 19Microsoft Exchange Server 2016 Cumulative Update 20Exchange Server
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2019-1443
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-14.45% / 94.52%
||
7 Day CHG~0.00%
Published-12 Nov, 2019 | 18:53
Updated-04 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists in Microsoft SharePoint when an attacker uploads a specially crafted file to the SharePoint Server.An authenticated attacker who successfully exploited this vulnerability could potentially leverage SharePoint functionality to obtain SMB hashes.The security update addresses the vulnerability by correcting how SharePoint checks file content., aka 'Microsoft SharePoint Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_foundationsharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise ServerMicrosoft SharePoint Foundation
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-1102
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-33.85% / 97.02%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024.

Action-Not Available
Vendor-Microsoft Corporation
Product-sharepoint_serversharepoint_enterprise_serverMicrosoft SharePoint ServerMicrosoft SharePoint Enterprise Server
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2020-1112
Matching Score-6
Assigner-Microsoft Corporation
ShareView Details
Matching Score-6
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-1.37% / 80.42%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 22:53
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008WindowsWindows ServerWindows 10 Version 1903 for x64-based SystemsWindows 10 Version 1903 for ARM64-based SystemsWindows 10 Version 1909 for ARM64-based SystemsWindows Server, version 1909 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1909 for 32-bit SystemsWindows 10 Version 1909 for x64-based Systems
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
Details not found