70 matches found
CVE-2026-42824
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
PT-2026-46401
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-42827
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-42827
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-26164
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-41614
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...
Microsoft M365 Copilot 命令注入漏洞
Microsoft M365 Copilot is an AI-driven productivity tool developed by the American company Microsoft. Microsoft M365 Copilot has a command injection vulnerability. Attackers can exploit this vulnerability to alter information...
M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
M365 Copilot Information Disclosure Vulnerability
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
PT-2026-38575
Name of the Vulnerable Software and Affected Versions M365 Copilot affected versions not specified Description Improper neutralization of special elements in output used by a downstream component injection allows an unauthorized attacker to disclose information over a network. Recommendations At...
CVE-2026-24299
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
EUVD-2026-13178
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
PT-2026-26352
Name of the Vulnerable Software and Affected Versions M365 Copilot affected versions not specified Description An improper neutralization of special elements used in a command 'command injection' exists in M365 Copilot. This allows an unauthorized attacker to disclose information over a network...
EUVD-2026-12111
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CVE-2026-26133
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network...
CGA-M365-WF9J-4PXC
Bulletin has no description...
CVE-2026-24307
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network...
PT-2026-4313
Name of the Vulnerable Software and Affected Versions M365 Copilot affected versions not specified Description An improper validation of a specified input type in M365 Copilot can allow an unauthorized attacker to disclose information over a network. Recommendations At the moment, there is no...
Malicious Package
Overview m365-action-sdk is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in m365-action-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2a647b4c1144f1fc77a782dcc21ff359b1eecf83ecf7feaae9c0c2f3949670af The package m365-action-sdk was found to contain malicious code. Source: ghsa-malware 41899b4f5df3e91b3c1d1d83bfada41c83afbe17c90245a5410e87518e4e78f...