KLA90920 Multiple vulnerabilities in Microsoft Open Source Software

Multiple vulnerabilities were found in Microsoft Open Source Software. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerabilitycan be exploited remotely to execu...

KLA90877 ACE vulnerability in Microsoft Copilot Plugin

A remote code execution vulnerability was found in Microsoft Copilot Studio. Malicious users can exploit this vulnerability to execute arbitrary code, bypass security restrictions. Original advisories CVE-2026-21516 Exploitation Related products GitHub-Copilot-Plugin CVE list CVE-2026-21516...

CVE-2025-62116 WordPress AI Copilot plugin <= 1.4.7 - Broken Access Control vulnerability

Missing Authorization vulnerability in Quadlayers AI Copilot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Copilot: from n/a through 1.4.7...

CVE-2025-62116

CVE-2025-62116 is described in the initial document as a Missing Authorization vulnerability in the QuadLayers AI Copilot (WordPress plugin), affecting versions from unknown up to and including 1.4.7. The connected Wordfence document substantively corroborates that AI Copilot is affected by a Mis...

GitHub Copilot for JetBrains < 1.5.60 Remote Code Execution (December 2025)

The GitHub Copilot for JetBrains plugin installed on the remote host is prior to version 1.5.60. It is, therefore, affected by a remote code execution vulnerability: - Improper neutralization of special elements used in a command 'command injection' in Copilot allows an unauthorized attacker to...

KLA90816 ACE vulnerability in Microsoft Copilot Plugin

A remote code execution vulnerability was found in Microsoft Copilot Studio. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2025-64671 Related products GitHub-Copilot-Plugin CVE list CVE-2025-64671 critical KB list Solution Install necessary...

Obsidian GitHub Copilot Plugin stores sensitive information in cleartext

Overview Obsidian GitHub Copilot Plugin provided by Pierre-Adrien Vasseur is vulnerable to the following vulnerability. Cleartext storage of sensitive information CWE-312 - CVE-2025-58401 Rui Nakajima reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...

CVE-2025-58401

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account...

CVE-2025-58401

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account...

CVE-2025-58401

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. As a result, an attacker may perform unauthorized operations on the linked Github account...

PT-2025-36109

Name of the Vulnerable Software and Affected Versions: Obsidian GitHub Copilot Plugin versions prior to 1.1.7 Description: The Obsidian GitHub Copilot Plugin stores Github API tokens in cleartext form. This allows an attacker to perform unauthorized operations on the linked Github account...