Lucene search
+L

45 matches found

attackerkb
attackerkb
added 2026/05/07 8:58 p.m.9 views

CVE-2026-33111

Improper neutralization of special elements used in a command 'command injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.8AI score0.01135EPSS
Exploits0References2
cve
cve
added 2026/05/07 8:58 p.m.28 views

CVE-2026-33111

CVE-2026-33111 affects Copilot Chat in Microsoft Edge. The issue is an improper neutralization of special elements used in a command (command injection) that could allow an unauthorized attacker to disclose information over a network. According to the documented metrics, this is a Network attack ...

7.5CVSS5.8AI score0.01135EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/05/07 8:58 p.m.72 views

CVE-2026-33111 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability

...

7.5CVSS0.01135EPSS
Exploits0References1
mscve
mscve
added 2026/05/07 2:0 p.m.21 views

Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability

Improper neutralization of special elements used in a command 'command injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.8AI score0.01135EPSS
Exploits0
cnnvd
cnnvd
added 2026/05/07 12:0 a.m.11 views

Microsoft Copilot Chat 命令注入漏洞

Microsoft Copilot Chat is an intelligent dialogue assistant feature integrated into the browser by Microsoft Corporation. Microsoft Copilot Chat has a command injection vulnerability, which stems from improper neutralization of special elements within commands. This vulnerability could allow...

7.5CVSS5.8AI score0.01135EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/07 12:0 a.m.31 views

PT-2026-38578

Name of the Vulnerable Software and Affected Versions Microsoft Edge Copilot Chat affected versions not specified Description Improper neutralization of special elements used in a command, known as command injection, allows an unauthorized attacker to disclose information over a network...

7.8CVSS5.8AI score0.01135EPSS
Exploits0References12
nessus
nessus
added 2026/04/14 12:0 a.m.8 views

Microsoft Visual Studio Code CoPilot Chat Extension < 0.37.3 Information Disclosure (CVE-2026-23653)

The Microsoft Visual Studio Code CoPilot Chat Extension installed on the remote host is prior to 0.37.3. It is, therefore, affected by an information disclosure vulnerability: - A remote, authenticated attacker can exploit this vulnerability to disclose sensitive information. User interaction is...

6.5CVSS6.3AI score0.00739EPSS
Exploits0References2
nessus
nessus
added 2025/11/26 12:0 a.m.13 views

Security Update for Microsoft Visual Studio Code CoPilot Chat Extension (November 2025)

The Microsoft Visual Studio Code CoPilot Chat Extension prior to version 0.32.5. It is, therefore, affected by multiple vulnerabilities. - This vulnerability is a command injection flaw in the Visual Studio Code Copilot Chat Extension, where improper handling of special characters in...

8.8CVSS6.7AI score0.00726EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/11/12 6:1 p.m.9 views

CVE-2025-62222

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...

8.8CVSS5.9AI score0.00726EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/11/12 6:1 p.m.9 views

CVE-2025-62449

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...

6.8CVSS5.4AI score0.00458EPSS
Exploits0References1
ncsc
ncsc
added 2025/11/11 6:35 p.m.32 views

Vulnerabilities fixed in Microsoft Visual Studio

Microsoft has fixed vulnerabilities in Visual Studio and Code Copilot for Visual Studio. A malicious party could exploit the vulnerabilities to bypass security measures and execute arbitrary code in the victim's context. For successful exploitation, the malicious party must trick the victim into...

8.8CVSS6.2AI score0.01014EPSS
Exploits0
nvd
nvd
added 2025/11/11 6:15 p.m.9 views

CVE-2025-62449

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...

6.8CVSS0.00458EPSS
Exploits0References1
osv
osv
added 2025/11/11 6:15 p.m.11 views

CVE-2025-62449

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...

6.8CVSS6AI score0.00458EPSS
Exploits0References1
osv
osv
added 2025/11/11 6:15 p.m.5 views

CVE-2025-62222

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...

8.8CVSS6AI score0.00726EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/11/11 5:59 p.m.8 views

CVE-2025-62449 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability

...

6.8CVSS5.4AI score0.00458EPSS
Exploits0References1
euvd
euvd
added 2025/11/11 5:59 p.m.11 views

EUVD-2025-93395

Improper neutralization of special elements used in a command 'command injection' in Visual Studio Code CoPilot Chat Extension allows an unauthorized attacker to execute code over a network...

8.8CVSS5.9AI score0.00726EPSS
Exploits0References2
euvd
euvd
added 2025/11/11 5:59 p.m.9 views

EUVD-2025-93394

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...

6.8CVSS5.3AI score0.00458EPSS
Exploits0References2
cvelist
cvelist
added 2025/11/11 5:59 p.m.13 views

CVE-2025-62449 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability

...

6.8CVSS0.00458EPSS
Exploits0References1
cve
cve
added 2025/11/11 5:59 p.m.23 views

CVE-2025-62449

The CVE-2025-62449 issue is a path traversal vulnerability in the Visual Studio Code CoPilot Chat Extension (prior to version 0.32.5). A local, low-privilege, authorized attacker can bypass a security feature and access files outside the intended workspace, with high impact to confidentiality and...

6.8CVSS5.4AI score0.00458EPSS
Exploits0References1Affected Software1
mscve
mscve
added 2025/11/11 8:0 a.m.9 views

Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability

Improper limitation of a pathname to a restricted directory 'path traversal' in Visual Studio Code CoPilot Chat Extension allows an authorized attacker to bypass a security feature locally...

6.8CVSS5.5AI score0.00458EPSS
Exploits0
Rows per page
Query Builder