824 matches found
PT-2026-47964
Name of the Vulnerable Software and Affected Versions GitHub Copilot affected versions not specified Visual Studio Code affected versions not specified Description Improper limitation of a pathname to a restricted directory, known as path traversal, allows an unauthorized attacker to bypass...
Microsoft Visual Studio Code 路径遍历漏洞
Microsoft GitHub Copilot and Visual Studio Code are a set of intelligent coding tools developed by the American company Microsoft. There is a path traversal vulnerability present in Microsoft GitHub Copilot and Visual Studio Code. Attackers can exploit this vulnerability to bypass certain feature...
CVE-2026-47644
Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...
CVE-2026-42824
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-45497
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...
CVE-2026-6874
A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host can lead to reliance on reverse dns resolution. The attack may be performed from remote. The explo...
CVE-2026-6662
A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...
CVE-2026-45033
GitHub Copilot CLI brings AI-powered coding assistance directly to your command line. Prior to 1.0.43, a security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can achieve arbitrary code execution when the agent...
EUVD-2026-34334
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
EUVD-2026-34335
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...
EUVD-2026-34336
Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...
CVE-2026-45497
Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...
CVE-2026-42824
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-47644
Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...
CVE-2026-47644 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
...
CVE-2026-47644
CVE-2026-47644 affects Copilot Chat in Microsoft Edge. The issue is an improper neutralization of special elements in output used by a downstream component ("injection"), enabling an unauthorized attacker to disclose information over a network. The vulnerability is documented across multiple sour...
CVE-2026-47644 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
...
CVE-2026-47644
Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...
CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability
...
CVE-2026-42824
Technical details (affected products, root cause specifics, exploit vectors, and fixes) are not publicly available in the provided documents. Monitor official advisories for updates.