7 matches found
CVE-2025-66389
GitHub Copilot 1.372.0 allows filesystem access outside of a workspace folder without user approval via a file-handler URI parameter to fetchwebpage. Therefore, exfiltration could occur if there is indirect prompt injection...
PT-2026-50251
Name of the Vulnerable Software and Affected Versions: Trivy versions prior to 0.71.1. Description: Trivy improperly trusts the org.opencontainers.image.title annotation in an OCI artifact manifest, using it as the destination filename when downloading content without proper validation or...
CVE-2026-26129
CVE-2026-26129 affects M365 Copilot. Root cause: improper neutralization of special elements enabling unauthorized information disclosure over a network. CVSS v3.1 base score 7.5 (NETWORK, HIGH confidentiality impact). No explicit exploit status or remediation details provided in the supplied doc...
CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability
...
CVE-2025-62998
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data. This issue affects WP AI CoPilot: from n/a through = 1.2.7...
CVE-2025-64671
Improper neutralization of special elements used in a command 'command injection' in Copilot allows an unauthorized attacker to execute code locally...
CVE-2025-59286
Improper neutralization of special elements used in a command 'command injection' in Copilot allows an unauthorized attacker to disclose information over a network...