MAL-2026-3885 Malicious code in @antv/f-react (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4118 Malicious code in @antv/xflow (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Arbitrary Code Execution
GitHub Copilot CLI is vulnerable to Command Injection. The vulnerability is due to improper safety assessment of shell commands in the shell tool, where dangerous Bash parameter expansion patterns such as ${var@P}, ${!var}, ${var:=value}, and nested $(cmd) expressions are incorrectly classified as...
Microsoft 365 Copilot < 19.2604.43111.0 Spoofing (CVE-2026-41614)
The Windows 'Microsoft 365 Copilot' app formerly known as 'Microsoft 365 Office' installed on the remote host is prior to 19.2604.43111.0. It is, therefore, affected by a spoofing vulnerability: - Improper access control in Microsoft 365 Copilot for Desktop allows an unauthorized attacker to...
CVE-2026-41100
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally...
CVE-2026-41614
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...
CVE-2026-42893
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-45033
GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...
CVE-2026-45033
GitHub Copilot CLI (affected component: Git operations in Copilot CLI) contains a local privilege/command execution flaw exposed when a malicious bare git repository is nested within a project directory. The issue arises from git auto-discovery of bare repositories during directory traversal, all...
CVE-2026-45033
GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...
CVE-2026-45033 GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via core.fsmonitor
GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...
GitHub Copilot CLI Security Vulnerability
GitHub Copilot CLI is a terminal AI programming assistant open sourced by GitHub. Versions of GitHub Copilot CLI prior to version 1.0.43 contained a security vulnerability. This vulnerability stemmed from malicious bare git repositories nested within project directories. When the agent performed...
CVE-2026-33111
Improper neutralization of special elements used in a command 'command injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...
CVE-2026-26164
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
EUVD-2026-29716
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to perform tampering over a network...
EUVD-2026-29697
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...
EUVD-2026-29686
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally...
CVE-2026-42893
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to perform tampering over a network...
CVE-2026-41614
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...
CVE-2026-41100
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally...