VYPR

365 Copilot

by Microsoft

CVEs (14)

  • CVE-2026-41090CriMay 22, 2026
    risk 0.60cvss 9.3epss 0.00

    Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.

  • CVE-2026-33102CriApr 23, 2026
    risk 0.60cvss 9.3epss 0.00

    Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2025-62554HigDec 9, 2025
    risk 0.55cvss 8.4epss 0.00

    Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-42831HigMay 12, 2026
    risk 0.51cvss 7.8epss 0.00

    Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.

  • CVE-2026-26164HigMay 7, 2026
    risk 0.49cvss 7.5epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-26129HigMay 7, 2026
    risk 0.49cvss 7.5epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-42893HigMay 12, 2026
    risk 0.48cvss 7.4epss 0.00

    Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.

  • CVE-2026-26133HigMar 16, 2026
    risk 0.46cvss 7.1epss 0.00

    AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-42824MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.08

    Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-42827MedMay 22, 2026
    risk 0.42cvss 6.5epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-41614MedMay 12, 2026
    risk 0.40cvss 6.2epss 0.00

    Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.

  • CVE-2026-47645Jun 19, 2026
    risk 0.00cvss epss 0.00

    Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2026-54130Jun 18, 2026
    risk 0.00cvss epss 0.01

    Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.

  • CVE-2026-24299Mar 19, 2026
    risk 0.00cvss epss 0.01

    Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.