Lucene search
K

109 matches found

NVD
NVD
added 2026/06/19 9:16 p.m.12 views

CVE-2026-47645

Url redirection to untrusted site 'open redirect' in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...

8.8CVSS0.00408EPSS
Exploits0References1
NVD
NVD
added 2026/06/19 9:16 p.m.14 views

CVE-2026-42895

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

7.5CVSS0.00399EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/19 8:29 p.m.9 views

CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability

...

8.8CVSS5.8AI score0.00408EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 8:27 p.m.18 views

CVE-2026-42895 Microsoft Copilot Tampering Vulnerability

...

6.5CVSS0.00399EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 8:27 p.m.9 views

EUVD-2026-38087

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

6.5CVSS5.9AI score0.00399EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 8:27 p.m.5 views

CVE-2026-42895

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

6.5CVSS5.9AI score0.00399EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/19 8:27 p.m.5 views

CVE-2026-42895 Microsoft Copilot Tampering Vulnerability

...

6.5CVSS5.8AI score0.00399EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 8:27 p.m.32 views

CVE-2026-42895

Microsoft Copilot vulnerability CVE-2026-42895 involves improper neutralization of special elements used in a command (command injection) that could allow an unauthorized attacker to tamper with data over a network. Affected component is Microsoft Copilot; root cause is improper input handling le...

7.5CVSS5.9AI score0.00399EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-51030

Name of the Vulnerable Software and Affected Versions Microsoft Copilot affected versions not specified Description Improper neutralization of special elements used in a command, known as command injection, allows an unauthorized attacker to perform tampering over a network. Recommendations At th...

7.5CVSS5.8AI score0.00399EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51032

Name of the Vulnerable Software and Affected Versions Microsoft 365 Copilot's Business Chat affected versions not specified Description An open redirect issue exists, which is a flaw that allows a user to be redirected to an untrusted external website. This can enable an unauthorized attacker to...

8.8CVSS5.8AI score0.00408EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2026/06/18 2:0 p.m.8 views

Microsoft Copilot Tampering Vulnerability

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

7.5CVSS5.9AI score0.00399EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.12 views

PT-2026-50802

Name of the Vulnerable Software and Affected Versions M365 Copilot affected versions not specified Description A missing authentication flaw in a critical function allows an unauthorized attacker to disclose information over a network. Recommendations At the moment, there is no information about ...

9.8CVSS5.9AI score0.00578EPSS
Exploits0References9
The Hacker News
The Hacker News
added 2026/06/15 3:9 p.m.12 views

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link...

7.5CVSS5.7AI score0.0764EPSS
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/06/09 5:35 p.m.12 views

Reconstructing AI activity in investigations

AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/06 12:44 a.m.15 views

CVE-2026-42824

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.5AI score0.0764EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.8 views

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

8.8CVSS5.7AI score0.00452EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 11:17 p.m.13 views

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

8.8CVSS0.00452EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 10:0 p.m.79 views

CVE-2026-42824

Technical details (affected products, root cause specifics, exploit vectors, and fixes) are not publicly available in the provided documents. Monitor official advisories for updates.

7.5CVSS6.1AI score0.0764EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/04 10:0 p.m.7 views

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

7.7CVSS6AI score0.00452EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 10:0 p.m.38 views

CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability

...

6.5CVSS5.4AI score0.0764EPSS
Exploits0References1
Rows per page
Query Builder