792 matches found
GHSA-3VR4-CVMG-7FX4 copilot-api has Reliance on Reverse DNS Resolution for a Security-Critical Action
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...
CVE-2026-6874
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...
PT-2026-34760
Name of the Vulnerable Software and Affected Versions Microsoft 365 Copilot affected versions not specified Description An open redirect allows an unauthorized attacker to redirect users to untrusted sites, which can lead to elevation of privilege over a network and risk to user accounts. This...
Copilot API Proxy 安全漏洞
Copilot API Proxy is a reverse proxy service for the GitHub Copilot API developed by Erick Christian. Versions of Copilot API Proxy prior to 0.7.0 contain security vulnerabilities. These vulnerabilities stem from the Header Handler component’s reliance on reverse DNS resolution for handling Host...
KLA91005 Multiple vulnerabilities in Microsoft Apps
Multiple vulnerabilities were found in Microsoft Apps. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Microsoft 365 Copilot can b...
Microsoft M365 Copilot 输入验证错误漏洞
Microsoft M365 Copilot is an AI-driven productivity tool developed by Microsoft Corporation. Microsoft M365 Copilot has a vulnerability related to input validation, which stems from URL redirection to untrusted sites. This vulnerability could allow unauthorized attackers to gain elevated privileg...
CVE-2026-6874 ericc-ch copilot-api Header token dns rebinding
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...
CVE-2026-6874
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...
CVE-2026-6874 ericc-ch copilot-api Header token dns rebinding
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...
CVE-2026-6874
CVE-2026-6874 affects ericc-ch copilot-api up to version 0.7.0, specifically a vulnerability in the Header Handler's /token path where manipulating the Host argument can cause reliance on reverse DNS resolution. The attack is described as remote-accessible, with exploitation publicly disclosed. V...
PT-2026-34586
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...
@alialf/cc-switch (>=1.0.0 <=1.0.1), codex-copilot-dx (>=0.1.0 <=0.1.6) potentially affected by CVE-2026-6662 via copilot-api (=0.7.0)
copilot-api NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on copilot-api and may be impacted: - @alialf/cc-switch =1.0.0, =0.1.0, =0.1.6 Source cves: CVE-2026-6662 Source advisory: SNYK:JS-COPILOTAPI-16636640...
Permissive Cross-domain Policy with Untrusted Domains
Overview copilot-api is a Turn GitHub Copilot into OpenAI/Anthropic API compatible server. Usable with Claude Code! Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the CORS policy combined with the unauthenticated /token endpoint. An...
EUVD-2026-23923
A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...
CVE-2026-6662
A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...
CVE-2026-6662 ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy
A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...
CVE-2026-6662 ericc-ch copilot-api Token Endpoint server.ts cors cross-domain policy
A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...
CVE-2026-6662
A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...
CVE-2026-6662
CVE-2026-6662 affects the ericc-ch copilot-api up to version 0.7.0. The vulnerability lies in the Token Endpoint’s src/server.ts cors function, causing a permissive cross-domain policy that accepts untrusted domains. An attacker could trigger this remotely, and the exploit has been publicly discl...
Important: Red Hat Security Advisory: grafana-pcp security update
An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...