Lucene search
K
Microsoft365 Copilot

47 matches found

CVE
CVE
added 2025/09/09 5:1 p.m.580 views

CVE-2025-53799

CVE-2025-53799 affects the Windows Imaging Component. The vulnerability arises from use of an uninitialized resource in Imaging Component code, enabling local attackers to disclose information. The NCSC entry confirms the impact as Access to sensitive data with a CVSS-like rating around 5.5 (Medi...

5.5CVSS6.1AI score0.0073EPSS
CVE
CVE
added 2021/12/15 2:15 p.m.403 views

CVE-2021-43905

CVE-2021-43905 – Microsoft Office app Remote Code Execution : A vulnerability in the Microsoft Office app on Windows allows remote code execution via a specially crafted Office document. Exploitation requires the victim to open the malicious document (user interaction required) and could lead to ...

9.6CVSS9.5AI score0.02821EPSS
CVE
CVE
added 2025/06/11 1:22 p.m.206 views

CVE-2025-32711

CVE-2025-32711 (EchoLeak) is a zero-click AI command-injection vulnerability in Microsoft 365 Copilot that enables unauthorized data disclosure via crafted emails. The issue stems from prompt-injection techniques exploited by Copilot’s retrieval/processing flow, allowing data exfiltration from Co...

9.3CVSS7.3AI score0.05776EPSS
CVE
CVE
added 2023/03/14 4:55 p.m.139 views

CVE-2023-23391

CVE-2023-23391 is a spoofing vulnerability in Microsoft Office for Android. The NCSC advisory lists Office for Android as affected with a CVSS base score around 5.5 and notes that updates fix the vulnerability; no exploitation specifics are provided in the connected documents.

5.5CVSS5.8AI score0.00642EPSS
CVE
CVE
added 2025/06/10 5:2 p.m.110 views

CVE-2025-47167

Microsoft Office remote/local code execution vulnerability CVE-2025-47167 arises from an incompatible type (type confusion) when accessing resources, allowing an unauthenticated or authenticated attacker to execute code with the user’s context. Affected products span Office suite components (Word...

8.4CVSS8.4AI score0.00575EPSS
CVE
CVE
added 2026/06/18 9:42 p.m.101 views

CVE-2026-54130

CVE-2026-54130 affects M365 Copilot and involves missing authentication for a critical function, enabling an unauthorized attacker to disclose information over a network. The NVD and CVE records confirm the root cause as unauthenticated access to a high-impact function, with a CVSS v3.1 base scor...

9.8CVSS5.3AI score0.00578EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.99 views

CVE-2023-36565

CVE-2023-36565 is a Microsoft Office Graphics elevation-of-privilege vulnerability. Affected are various Office products (e.g., Office 2019/2021, Office for Mac; list from Kaspersky NCSC doc) where the Graphics component can elevate privileges within a local context. Reported root cause is a priv...

7CVSS7AI score0.00417EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.97 views

CVE-2024-38250

CVE-2024-38250 is a Windows Graphics Component elevation-of-privilege vulnerability. The CVE entry (Microsoft product area) indicates a local attacker with low privileges and no user interaction could obtain higher privileges (CVSS 7.8, High). Connected sources corroborate that Microsoft has issu...

7.8CVSS8.6AI score0.00693EPSS
CVE
CVE
added 2025/04/08 5:23 p.m.96 views

CVE-2025-26687

CVE-2025-26687 is a use-after-free in Windows Win32K - GRFX that enables a network-based privilege escalation. The affected component is the Win32K GRFX graphics subsystem; the underlying issue is a use-after-free in that path, leading to total impact (CVE-2025-26687 shows a base score of 7.5/10 ...

7.5CVSS7.5AI score0.01012EPSS
CVE
CVE
added 2025/06/10 5:2 p.m.95 views

CVE-2025-47953

CVE-2025-47953 is a Microsoft Office remote code execution vulnerability described as a use-after-free in Microsoft Office that could allow a local attacker to execute arbitrary code. Microsoft attributes a high severity (CVSSv3.1: 8.4, LOCAL access, no user interaction required) and notes impact...

8.4CVSS8.8AI score0.00465EPSS
CVE
CVE
added 2025/06/10 5:2 p.m.94 views

CVE-2025-47162

CVE-2025-47162 (Microsoft Office RCE) : A heap-based buffer overflow in Microsoft Office enables an attacker to execute arbitrary code locally. Public details list this as a local-exploitation vulnerability with no user interaction required (per the CVE description and Microsoft’s MSRC page). Aff...

8.4CVSS8.6AI score0.00659EPSS
CVE
CVE
added 2025/06/10 5:2 p.m.93 views

CVE-2025-47164

CVE-2025-47164 is a Microsoft Office remote code execution vulnerability described as a use-after-free condition in Office components. The affected suite includes Word, Excel, PowerPoint, Outlook, and SharePoint Server (various Office 2016/2019/2021 and related platforms), with the root cause ide...

8.4CVSS8.8AI score0.00563EPSS
CVE
CVE
added 2025/11/11 5:59 p.m.87 views

CVE-2025-60724

Technical details about CVE-2025-60724 are not provided in the supplied documents. Connected KBs discuss OS updates and security fixes but do not specify vulnerable product versions, root cause, exploitation, or patch specifics for this CVE. Monitor for updates.

9.8CVSS6.1AI score0.05815EPSS
CVE
CVE
added 2025/05/13 4:58 p.m.85 views

CVE-2025-30386

CVE-2025-30386 is a Microsoft Office use-after-free remote-code-execution vulnerability. Public sources (MSRC/MSCVEs) describe it affecting Office components (Excel/PowerPoint/Outlook/SharePoint/Docs) with local exploitation; patching is provided via Office/MSR security updates (e.g., KB5002711) ...

8.4CVSS7.8AI score0.00561EPSS
CVE
CVE
added 2025/05/13 4:59 p.m.83 views

CVE-2025-30388

Technical details about CVE-2025-30388 are not provided in the connected documents. Public information remains limited to the initial description. Monitor for updates from official advisories for affected products, impacts, and remediation.

7.8CVSS8AI score0.03467EPSS
CVE
CVE
added 2025/08/12 5:10 p.m.78 views

CVE-2025-53766

CVE-2025-53766 is a heap-based buffer overflow in Windows GDI+ that enables a remote attacker to execute code over a network. Public details describe the vulnerability as a memory overflow in GDI+ triggered by processing specially crafted metafiles, potentially allowing arbitrary code execution w...

9.8CVSS8AI score0.06706EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.74 views

CVE-2026-41614

CVE-2026-41614 concerns M365 Copilot for Desktop where improper access control enables a local attacker to spoof identities. The available documents identify the affected software (M365 Copilot for Desktop) and the impact as local spoofing due to insufficient access permissions, but do not provid...

6.2CVSS5.8AI score0.00363EPSS
CVE
CVE
added 2026/06/09 5:5 p.m.70 views

CVE-2026-45463

CVE-2026-45463 describes a heap-based buffer overflow in Microsoft Office that allows an attacker with local access to execute code on the affected system. The sources identify Microsoft Office and classify the flaw as a heap-based overflow with high impact (CVSSv3.1: 8.4, LOCAL access, no user i...

8.4CVSS6AI score0.00339EPSS
CVE
CVE
added 2025/07/08 4:58 p.m.69 views

CVE-2025-49695

CVE-2025-49695 is a Microsoft Office remote code execution/use-after-free vulnerability affecting Office components (notably Office 2016 and related suites). The issue enables local code execution when a user opens or previews crafted content; Microsoft lists updates (e.g., KB5002742) and multipl...

8.4CVSS7.3AI score0.00595EPSS
CVE
CVE
added 2026/03/19 9:6 p.m.69 views

CVE-2026-24299

CVE-2026-24299 affects M365 Copilot. The vulnerability is an improper neutralization of special elements used in a command (command injection) that could allow an unauthenticated attacker to disclose information over a network. According to the connected MSRC entry, the exploit would be delivered...

5.3CVSS5.8AI score0.00633EPSS
CVE
CVE
added 2025/07/08 4:58 p.m.68 views

CVE-2025-49702

CVE-2025-49702 is a Microsoft Office remote code execution vulnerability caused by type confusion in Office functionality. The issue enables an attacker to run arbitrary code locally when a user opens a malicious file; Microsoft attributes a high base CVSS v3.1 score (7.8, HIGH) with LOCAL access...

7.8CVSS6.9AI score0.00512EPSS
CVE
CVE
added 2025/07/08 4:58 p.m.63 views

CVE-2025-49697

CVE-2025-49697 is a Microsoft Office remote code execution vulnerability. The issue is described as a heap-based buffer overflow in Office that allows an attacker with local access to run arbitrary code on a vulnerable system, with no user interaction required (local access, no UI). Publicly avai...

8.4CVSS7.3AI score0.00461EPSS
CVE
CVE
added 2025/07/08 4:58 p.m.58 views

CVE-2025-49696

CVE-2025-49696 affects Microsoft Office (Office components) with an out-of-bounds read that enables a locally authenticated attacker to execute arbitrary code. Affected products include Microsoft Office 2016/2019/365-related suites and components such as Word, Excel, PowerPoint, and related Offic...

8.4CVSS6.8AI score0.00552EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.55 views

CVE-2026-41100

CVE-2026-41100 describes an improper access control vulnerability in Microsoft 365 Copilot (Android) that allows an authorized attacker to perform local spoofing. The NVD entries consistently flag local attack vector with low attack complexity and low privileges required, resulting in a CVSS v3.1...

4.4CVSS5.8AI score0.00249EPSS
CVE
CVE
added 2026/05/22 10:3 p.m.55 views

CVE-2026-42827

CVE-2026-42827 concerns a command injection vulnerability in Microsoft 365 Copilot. The Red Hat, NVD, MSRC, and other feeds describe improper neutralization of special elements used in a command, enabling an attacker to disclose information over a network. Affected product is Microsoft 365 Copilo...

7.5CVSS5.8AI score0.00503EPSS
CVE
CVE
added 2026/03/13 9:10 p.m.52 views

CVE-2026-26133

CVE-2026-26133 involves an AI command injection vulnerability in Microsoft 365 Copilot that can lead to unauthorized disclosure of information over a network. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N) indicates a network-accessible issue with no privileges required but user intera...

7.1CVSS5.8AI score0.00433EPSS
CVE
CVE
added 2026/05/22 10:3 p.m.52 views

CVE-2026-41090

CVE-2026-41090 affects Microsoft Copilot. The vulnerability arises from improper neutralization of elements used in a command (command injection) that enables tampering over a network. The CVSS‑3.1 vector indicates network attack, high confidentiality and integrity impact, no availability impact,...

9.3CVSS5.8AI score0.0042EPSS
CVE
CVE
added 2025/08/12 5:10 p.m.44 views

CVE-2025-53732

CVE-2025-53732 is a heap-based buffer overflow in Microsoft Office that enables local code execution. The CVE is rated CVSS 3.1 base score 7.8 (HIGH) with local attack vector, low attack complexity, no privileges required, but user interaction is required; impact to confidentiality, integrity, an...

7.8CVSS8AI score0.00454EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.41 views

CVE-2026-45474

The documents confirm CVE-2026-45474 is a Microsoft Office vulnerability described as a heap-based buffer overflow that allows an unauthenticated/unauthorized attacker to execute code locally on affected systems. Affected product is Microsoft Office, with the root cause identified as a heap-based...

8.4CVSS6AI score0.00364EPSS
CVE
CVE
added 2026/03/10 5:5 p.m.40 views

CVE-2026-26110

CVE-2026-26110 is a Microsoft Office remote code execution vulnerability described as a resource access type confusion in Microsoft Office. Connected sources confirm Office-related RCEs and patch activity in the March 2026 Patch Tuesday cycle, with updates addressing multiple Office CVEs (includi...

8.4CVSS5.9AI score0.0049EPSS
CVE
CVE
added 2026/05/12 4:58 p.m.36 views

CVE-2026-40363

CVE-2026-40363 is a heap-based buffer overflow in Microsoft Office that allows an unauthenticated local attacker to execute code. The vulnerability affects Office components handling user data in local context and is rated high severity (CVSS 3.1: AV:L AC:L PR:N UI:N S:U C:H I:H A:H). A patch is ...

8.4CVSS6.1AI score0.00383EPSS
CVE
CVE
added 2025/12/09 5:55 p.m.34 views

CVE-2025-62554

CVE-2025-62554 is a Microsoft Office remote code execution vulnerability reported as a type confusion in Office components. Multiple connected sources (MSRC, CNVD, EUVD, CNNVD, Krebs) describe it as enabling code execution on affected systems, with Microsoft noting the issue in Office products an...

8.4CVSS6.9AI score0.00399EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.34 views

CVE-2026-45461

CVE-2026-45461 describes a heap-based buffer overflow in Microsoft Office that allows an unauthorized attacker to execute code locally. Documents confirm the vulnerability exists in Microsoft Office and indicate a local attack vector with high impact (C: HIGH, I: HIGH, A: HIGH) and a base score o...

8.4CVSS6AI score0.00364EPSS
CVE
CVE
added 2025/11/11 5:59 p.m.33 views

CVE-2025-62199

CVE-2025-62199 is a Microsoft Office remote code execution/use-after-free vulnerability. The CVE affects multiple Office components (notably Office and Excel) due to a memory-management flaw described as a use-after-free in Office, enabling a locally authenticated attacker to run arbitrary code. ...

7.8CVSS5.8AI score0.00716EPSS
CVE
CVE
added 2026/06/19 8:27 p.m.32 views

CVE-2026-42895

Microsoft Copilot vulnerability CVE-2026-42895 involves improper neutralization of special elements used in a command (command injection) that could allow an unauthorized attacker to tamper with data over a network. Affected component is Microsoft Copilot; root cause is improper input handling le...

7.5CVSS5.9AI score0.00399EPSS
CVE
CVE
added 2025/10/14 5:1 p.m.30 views

CVE-2025-59227

CVE-2025-59227 is a Microsoft Office remote code execution vulnerability described as a use-after-free in Office components that can let an unauthenticated, local attacker execute code. Connected sources corroborate Office-focused impact and indicate multiple Office subsystems are affected, with ...

7.8CVSS7.1AI score0.00467EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.30 views

CVE-2026-45472

CVE-2026-45472 is a heap-based buffer overflow in Microsoft Office that allows an unauthorized attacker to execute code locally. The connected sources (NVD, CVE listing) corroborate a local-execution impact due to a heap overflow in Office components. No explicit root-cause details beyond the hea...

8.4CVSS6AI score0.00339EPSS
CVE
CVE
added 2026/03/10 5:4 p.m.28 views

CVE-2026-25180

CVE-2026-25180 describes an out-of-bounds read in the Microsoft Graphics Component that can allow an unauthorized local attacker to disclose information. Connected sources (NVD, CVE listing, ENISA/NCSC advisories) confirm the affected component as Microsoft Graphics Component and the impact as lo...

5.5CVSS5.7AI score0.00655EPSS
CVE
CVE
added 2026/03/10 5:4 p.m.26 views

CVE-2026-24285

Technical details about CVE-2026-24285 are not provided in the given documents. Monitor for updates from Microsoft and CVE records for affected products, impact, and mitigations.

7CVSS5.8AI score0.00462EPSS
CVE
CVE
added 2026/01/22 10:47 p.m.26 views

CVE-2026-24307

CVE-2026-24307 affects M365 Copilot. Root cause: improper validation of a specified input type. Impact: unauthorized disclosure of information over a network (confidentiality and integrity high; CVSS 9.3). Exploitation details are not provided in the supplied documents. Remediation is expected vi...

9.3CVSS5.3AI score0.00809EPSS
CVE
CVE
added 2026/03/10 5:5 p.m.26 views

CVE-2026-26134

CVE-2026-26134 is an elevation-of-privilege vulnerability in Microsoft Office resulting from an integer overflow/wraparound in Office components, allowing an authenticated local attacker to elevate privileges. Public sources in the connected documents confirm the impact as local privilege escalat...

7.8CVSS5.8AI score0.00353EPSS
CVE
CVE
added 2026/06/09 5:4 p.m.26 views

CVE-2026-45460

CVE-2026-45460 is an information-disclosure vulnerability in Microsoft Office caused by an out-of-bounds read in a Microsoft Office component. It allows a local, unauthenticated attacker to disclose information (confidentiality impact). The CVSSv3.1 metrics indicate a Local attack vector, High ex...

4.7CVSS5.4AI score0.00357EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.25 views

CVE-2026-42831

CVE-2026-42831 describes a heap-based buffer overflow in Microsoft Office that allows a local attacker to execute code. The CVSS 3.1 vector indicates local attack with user interaction required, high impact on confidentiality, integrity, and availability. Connected sources confirm the issue but d...

7.8CVSS6.1AI score0.00437EPSS
CVE
CVE
added 2025/12/09 5:55 p.m.23 views

CVE-2025-62557

CVE-2025-62557 is a Microsoft Office remote-code-execution vulnerability (use-after-free) affecting Office components; exploitation could allow local code execution with high impact. Connected sources identify Microsoft Office as affected and confirm a code-execution vector via Office. Remediatio...

8.4CVSS7.1AI score0.00391EPSS
CVE
CVE
added 2026/06/19 8:29 p.m.22 views

CVE-2026-47645

Summary: CVE-2026-47645 is an open redirect vulnerability in Microsoft 365 Copilot’s Business Chat that can lead to privilege escalation over a network. The issue is described across sources (NVD/MSRC/CVE records) as a url redirection to an untrusted site, with a CVSS v3.1 base score of 8.8 (HIGH...

8.8CVSS5.8AI score0.00408EPSS
CVE
CVE
added 2025/10/14 5:0 p.m.21 views

CVE-2025-59234

CVE-2025-59234 is a Microsoft Office remote code execution vulnerability described as a use-after-free in Office components that allows a locally authenticated attacker to execute code. Public details from connected sources confirm Office as the affected product family and cite an exploit path vi...

7.8CVSS7.1AI score0.0055EPSS
CVE
CVE
added 2026/04/23 9:35 p.m.21 views

CVE-2026-33102

Technical details of CVE-2026-33102 are not publicly available in the provided documents; monitor for updates from official sources.

9.3CVSS5.7AI score0.00398EPSS