Vulnerabilities
Vulnerable Software
Microsoft:  >> 365 Copilot  Security Vulnerabilities
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
CVSS Score
9.3
EPSS Score
0.004
Published
2026-05-22
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVSS Score
7.8
EPSS Score
0.004
Published
2026-05-12
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
CVSS Score
6.2
EPSS Score
0.004
Published
2026-05-12
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
CVSS Score
4.4
EPSS Score
0.002
Published
2026-05-12
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVSS Score
8.4
EPSS Score
0.004
Published
2026-05-12
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.3
EPSS Score
0.004
Published
2026-04-23
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVSS Score
5.3
EPSS Score
0.006
Published
2026-03-19
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVSS Score
7.1
EPSS Score
0.004
Published
2026-03-16
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.004
Published
2026-03-10
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVSS Score
8.4
EPSS Score
0.005
Published
2026-03-10


Contact Us

Shodan ® - All rights reserved