Lucene search
K

827 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/04 10:0 p.m.8 views

CVE-2026-47644

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00732EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 10:0 p.m.9 views

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

7.7CVSS6AI score0.00452EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 10:0 p.m.34 views

CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability

...

7.7CVSS0.00452EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 10:0 p.m.9 views

CVE-2026-45497 Microsoft M365 Copilot Remote Code Execution Vulnerability

...

7.7CVSS5.4AI score0.00452EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 10:0 p.m.81 views

CVE-2026-42824

Technical details (affected products, root cause specifics, exploit vectors, and fixes) are not publicly available in the provided documents. Monitor official advisories for updates.

7.5CVSS6.1AI score0.0764EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/04 10:0 p.m.40 views

CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability

...

6.5CVSS5.4AI score0.0764EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 10:0 p.m.29 views

CVE-2026-42824 M365 Copilot Information Disclosure Vulnerability

...

6.5CVSS0.0764EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 10:0 p.m.7 views

CVE-2026-42824

Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.5CVSS6.1AI score0.0764EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 10:0 p.m.72 views

CVE-2026-45497

CVE-2026-45497 affects Microsoft Copilot (M365 Copilot). According to the description, it involves improper neutralization of special elements in a command (command injection) that could allow an authorized attacker to execute code over a network. The connected documents do not provide concrete t...

8.8CVSS6AI score0.00452EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/06/04 2:0 p.m.12 views

Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.8AI score0.00732EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/04 2:0 p.m.16 views

Microsoft M365 Copilot Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

8.8CVSS6AI score0.00452EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/04 2:0 p.m.25 views

M365 Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.5CVSS6AI score0.0764EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46403

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00732EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.9 views

PT-2026-46402

Name of the Vulnerable Software and Affected Versions Microsoft 365 Copilot versions prior to June 2026 Description Improper neutralization of special elements used in a command allows an authorized attacker to execute code over a network. This issue, known as command injection, occurs when an...

8.8CVSS6.2AI score0.00452EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46401

Name of the Vulnerable Software and Affected Versions Microsoft 365 Copilot Enterprise affected versions not specified Description A critical vulnerability chain known as SearchLeak allows an unauthorized attacker to exfiltrate sensitive corporate data, including email contents, MFA codes, calend...

7.5CVSS6.2AI score0.0764EPSS
Exploits0References56
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

Microsoft 365 Copilot 命令注入漏洞

Microsoft 365 Copilot is a generative AI collaboration assistant integrated into the Microsoft Office suite. Microsoft 365 Copilot has a command injection vulnerability, which stems from improper of special elements in commands. This vulnerability could allow authorized attackers to execute code...

8.8CVSS5.6AI score0.00452EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.5 views

Microsoft 365 Copilot 命令注入漏洞

Microsoft 365 Copilot is a generative AI collaboration assistant integrated into the Microsoft Office suite. Microsoft 365 Copilot has a command injection vulnerability, which stems from improper neutralization of special elements in commands. This vulnerability could allow unauthorized attackers...

7.5CVSS5.8AI score0.0764EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.6 views

Microsoft Copilot Chat (Microsoft Edge) 输入验证错误漏洞

Microsoft Copilot Chat is an intelligent dialogue assistant feature integrated into the browser by Microsoft Corporation. Microsoft Copilot Chat has a injection vulnerability, which stems from improper neutralization of special elements in the output of downstream components. This vulnerability...

7.5CVSS5.7AI score0.00732EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 4:3 p.m.20 views

RLSA-2026:19136 Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root...

7.8CVSS5.8AI score0.00621EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/26 2:12 p.m.11 views

CVE-2026-42827

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.8AI score0.00503EPSS
Exploits0References1
Rows per page
Query Builder