765 matches found
CVE-2026-11374
In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover...
CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
...
EUVD-2026-38091
Url redirection to untrusted site 'open redirect' in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-47645
Summary: CVE-2026-47645 is an open redirect vulnerability in Microsoft 365 Copilot’s Business Chat that can lead to privilege escalation over a network. The issue is described across sources (NVD/MSRC/CVE records) as a url redirection to an untrusted site, with a CVSS v3.1 base score of 8.8 (HIGH...
EUVD-2026-37946
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-54130
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-54130 M365 Copilot Information Disclosure Vulnerability
...
CVE-2026-54130
CVE-2026-54130 affects M365 Copilot and involves missing authentication for a critical function, enabling an unauthorized attacker to disclose information over a network. The NVD and CVE records confirm the root cause as unauthenticated access to a high-impact function, with a CVSS v3.1 base scor...
CVE-2026-54130 M365 Copilot Information Disclosure Vulnerability
...
Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability
Url redirection to untrusted site 'open redirect' in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...
M365 Copilot Information Disclosure Vulnerability
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...
Reconstructing AI activity in investigations
AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...
Microsoft Office 安全漏洞
Microsoft Office is a suite of office software products developed by Microsoft Corporation in the United States. Common components of this product include Word, Excel, Access, PowerPoint, and FrontPage. There are security vulnerabilities in Microsoft Office. Attackers can exploit these...
VerdantBamboo Deploys BSD Variant of BRICKSTORM on Linux Appliances
A China-nexus cyber espionage group has been observed deploying a BSD variant of a known backdoor called BRICKSTORM, as well as two other malware families codenamed PLENET aka GRIMBOLT and AGENTPSD to target Linux systems. The activity has been attributed by Volexity to a threat cluster it tracks...
New Pink Extortion Group Targets Microsoft 365 Cloud Data Via Vishing Scams
Cybersecurity researchers are warning businesses about Pink Extortion Group, a threat actor that uses voice phishing to bypass multi-factor authentication and steal files from cloud environments...
EUVD-2026-34334
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability
...
CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability
...
CVE-2026-42824
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-45497
CVE-2026-45497 affects Microsoft Copilot (M365 Copilot). According to the description, it involves improper neutralization of special elements in a command (command injection) that could allow an authorized attacker to execute code over a network. The connected documents do not provide concrete t...