Vulnerabilities
Vulnerable Software
Microsoft:  >> 365 Copilot  Security Vulnerabilities
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.3
EPSS Score
0.005
Published
2026-07-02
Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.004
Published
2026-06-19
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
CVSS Score
6.5
EPSS Score
0.004
Published
2026-06-19
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVSS Score
9.8
EPSS Score
0.006
Published
2026-06-18
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVSS Score
8.4
EPSS Score
0.003
Published
2026-06-09
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVSS Score
8.4
EPSS Score
0.004
Published
2026-06-09
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally.
CVSS Score
4.7
EPSS Score
0.004
Published
2026-06-09
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVSS Score
8.4
EPSS Score
0.004
Published
2026-06-09
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVSS Score
8.4
EPSS Score
0.003
Published
2026-06-09
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVSS Score
6.5
EPSS Score
0.005
Published
2026-05-22


Contact Us

Shodan ® - All rights reserved