
825 matches found

CVE
added 2026/06/18 9:42 p.m. | 101 views

CVE-2026-54130

CVE-2026-54130 affects M365 Copilot and involves missing authentication for a critical function, enabling an unauthorized attacker to disclose information over a network. The NVD and CVE records confirm the root cause as unauthenticated access to a high-impact function, with a CVSS v3.1 base scor...

CVSS 9.8 | AI score 5.3 | EPSS 0.00578
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2026/06/18 9:42 p.m. | 21 views

CVE-2026-54130 M365 Copilot Information Disclosure Vulnerability

...

CVSS 9.8 | EPSS 0.00578
Exploits: 0 | References: 1

Microsoft CVE
added 2026/06/18 2:0 p.m. | 9 views

Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability

URL redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 5.8 | EPSS 0.00408
Exploits: 0

Microsoft CVE
added 2026/06/18 2:0 p.m. | 8 views

Microsoft Copilot Tampering Vulnerability

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

CVSS 7.5 | AI score 5.9 | EPSS 0.00399
Exploits: 0

Microsoft CVE
added 2026/06/18 2:0 p.m. | 13 views

M365 Copilot Information Disclosure Vulnerability

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVSS 9.8 | AI score 5.9 | EPSS 0.00578
Exploits: 0

Positive Technologies
added 2026/06/18 12:0 a.m. | 12 views

PT-2026-50802

Name of the Vulnerable Software and Affected Versions: M365 Copilot, affected versions not specified. Description: A missing authentication flaw in a critical function allows an unauthorized attacker to disclose information over a network. Recommendations: At the moment, there is no information about ...

CVSS 9.8 | AI score 5.9 | EPSS 0.00578
Exploits: 0 | References: 9

Positive Technologies
added 2026/06/17 12:0 a.m. | 17 views

PT-2026-50251

Name of the Vulnerable Software and Affected Versions: Trivy versions prior to 0.71.1. Description: Trivy improperly trusts the org.opencontainers.image.title annotation in an OCI artifact manifest, using it as the destination filename when downloading content without proper validation or...

CVSS 7.5 | AI score 5.9 | EPSS 0.00292
Exploits: 0 | References: 11

Tenable Nessus
added 2026/06/17 12:0 a.m. | 92 views

Security Update for Microsoft Visual Studio Code (June 2026)

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.123.2. It is, therefore, affected by multiple vulnerabilities:
- Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. CVE-2026-47281
-...

CVSS 9.6 | AI score 5.5 | EPSS 0.00763
Exploits: 0 | References: 15

The Hacker News
added 2026/06/15 3:9 p.m. | 12 views

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link...

CVSS 7.5 | AI score 5.7 | EPSS 0.0764
Exploits: 0

RedhatCVE
added 2026/06/10 9:1 p.m. | 11 views

CVE-2026-45482

Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

CVSS 8.4 | AI score 5.5 | EPSS 0.00345
Exploits: 0 | References: 1

NCSC
added 2026/06/09 6:23 p.m. | 18 views

Vulnerabilities handled in Microsoft Developer Tools

Microsoft has addressed vulnerabilities in Developer Tools. A malicious actor could exploit these vulnerabilities to carry out attacks that can cause various types of damage, as described in the tables below. Except for the vulnerability in .NET Core, where no prior authentication or user...

CVSS 9.6 | AI score 5.7 | EPSS 0.0243
Exploits: 0

Microsoft Secure
added 2026/06/09 5:35 p.m. | 29 views

Reconstructing AI activity in investigations

AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...

AI score 5.5
Exploits: 0

Microsoft Secure
added 2026/06/09 5:35 p.m. | 12 views

Reconstructing AI activity in investigations

AI systems are now part of everyday work. Investigators need a consistent way to reconstruct what happened within them. Security teams are already investigating activity involving Microsoft 365 Copilot and Azure AI services—from prompt injection attempts to unexpected data access. Those signals a...

AI score 5.4
Exploits: 0

NVD
added 2026/06/09 5:17 p.m. | 16 views

CVE-2026-45482

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

CVSS 8.4 | EPSS 0.00345
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/09 5:5 p.m. | 10 views

CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

...

CVSS 8.4 | AI score 5.4 | EPSS 0.00345
Exploits: 0 | References: 1

EUVD
added 2026/06/09 5:5 p.m. | 9 views

EUVD-2026-35547

Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

CVSS 8.4 | AI score 5.4 | EPSS 0.00345
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/09 5:5 p.m. | 4 views

CVE-2026-45482

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

CVSS 8.4 | AI score 5.8 | EPSS 0.00345
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/06/09 5:5 p.m. | 33 views

CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

...

CVSS 8.4 | EPSS 0.00345
Exploits: 0 | References: 1

CVE
added 2026/06/09 5:5 p.m. | 29 views

CVE-2026-45482

CVE-2026-45482 affects GitHub Copilot and Visual Studio Code (Copilot Chat extension): improper limitation of a pathname to a restricted directory enables a local attacker to bypass a security feature. Root cause is a path traversal issue in handling file paths. Impact is described as high for co...

CVSS 8.4 | AI score 5.8 | EPSS 0.00345
Exploits: 0 | References: 1 | Affected Software: 1

Microsoft CVE
added 2026/06/09 2:0 p.m. | 7 views

Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability

Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network...

CVSS 7.5 | AI score 5.8 | EPSS 0.00514
Exploits: 0