
824 matches found

Positive Technologies
added 2026/06/09 12:00 a.m. | 18 views

PT-2026-47964

Name of the Vulnerable Software and Affected Versions: GitHub Copilot (affected versions not specified); Visual Studio Code (affected versions not specified). Description: Improper limitation of a pathname to a restricted directory, known as path traversal, allows an unauthorized attacker to bypass...

8.4 CVSS | 5.8 AI score | 0.00345 EPSS
Exploits: 0 | References: 5

CNNVD
added 2026/06/09 12:00 a.m. | 14 views

Microsoft Visual Studio Code Path Traversal Vulnerability

Microsoft GitHub Copilot and Visual Studio Code are a set of intelligent coding tools developed by the American company Microsoft. There is a path traversal vulnerability present in Microsoft GitHub Copilot and Visual Studio Code. Attackers can exploit this vulnerability to bypass certain feature...

8.4 CVSS | 5.8 AI score | 0.00345 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/06 12:44 a.m. | 17 views

CVE-2026-47644

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

7.5 CVSS | 5.4 AI score | 0.00732 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/06 12:44 a.m. | 15 views

CVE-2026-42824

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.5 CVSS | 5.5 AI score | 0.0764 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/06 12:43 a.m. | 8 views

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

8.8 CVSS | 5.7 AI score | 0.00452 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:47 p.m. | 9 views

CVE-2026-6874

A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...

5.3 CVSS | 4.9 AI score | 0.00257 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:32 p.m. | 14 views

CVE-2026-6662

A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...

7.5 CVSS | 6.6 AI score | 0.00182 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/05 7:18 p.m. | 9 views

CVE-2026-45033

GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...

8.5 CVSS | 6.2 AI score | 0.0035 EPSS
Exploits: 1 | References: 1

EUVD
added 2026/06/05 12:31 a.m. | 10 views

EUVD-2026-34334

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

6.5 CVSS | 5.8 AI score | 0.0764 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/06/05 12:31 a.m. | 9 views

EUVD-2026-34335

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

7.7 CVSS | 6 AI score | 0.00452 EPSS
Exploits: 0 | References: 2

EUVD
added 2026/06/05 12:31 a.m. | 11 views

EUVD-2026-34336

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

6.5 CVSS | 5.8 AI score | 0.00732 EPSS
Exploits: 0 | References: 2

NVD
added 2026/06/04 11:17 p.m. | 13 views

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

8.8 CVSS | 0.00452 EPSS
Exploits: 0 | References: 1

NVD
added 2026/06/04 11:17 p.m. | 12 views

CVE-2026-42824

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.5 CVSS | 0.0764 EPSS
Exploits: 0 | References: 1

NVD
added 2026/06/04 11:17 p.m. | 22 views

CVE-2026-47644

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

7.5 CVSS | 0.00732 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/04 10:00 p.m. | 7 views

CVE-2026-47644 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability

...

6.5 CVSS | 5.4 AI score | 0.00732 EPSS
Exploits: 0 | References: 1

CVE
added 2026/06/04 10:00 p.m. | 27 views

CVE-2026-47644

CVE-2026-47644 affects Copilot Chat in Microsoft Edge. The issue is an improper neutralization of special elements in output used by a downstream component ("injection"), enabling an unauthorized attacker to disclose information over a network. The vulnerability is documented across multiple sour...

7.5 CVSS | 5.8 AI score | 0.00732 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/06/04 10:00 p.m. | 31 views

CVE-2026-47644 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability

...

6.5 CVSS | 0.00732 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/04 10:00 p.m. | 7 views

CVE-2026-47644

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

6.5 CVSS | 5.8 AI score | 0.00732 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/06/04 10:00 p.m. | 27 views

CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability

...

6.5 CVSS | 0.0764 EPSS
Exploits: 0 | References: 1

CVE
added 2026/06/04 10:00 p.m. | 79 views

CVE-2026-42824

Technical details (affected products, root cause specifics, exploit vectors, and fixes) are not publicly available in the provided documents. Monitor official advisories for updates.

7.5 CVSS | 6.1 AI score | 0.0764 EPSS
Exploits: 0 | References: 1 | Affected Software: 1