Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (52 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-42895 1 Microsoft 1 365 Copilot 2026-06-23 6.5 Medium
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
CVE-2026-54130 1 Microsoft 1 365 Copilot 2026-06-22 9.8 Critical
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-47645 1 Microsoft 1 365 Copilot 2026-06-22 8.8 High
Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-42824 1 Microsoft 2 365 Copilot, Copilot 2026-06-19 6.5 Medium
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-41100 1 Microsoft 8 365 Copilot, 365 Copilot Android, 365 Copilot Android and 5 more 2026-06-09 4.4 Medium
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
CVE-2026-45497 1 Microsoft 2 365 Copilot, Copilot 2026-06-08 7.7 High
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
CVE-2026-26164 1 Microsoft 2 365 Copilot Business Chat, 365 Copilot Chat 2026-06-01 7.5 High
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-26129 1 Microsoft 2 365 Copilot Business Chat, 365 Copilot Chat 2026-06-01 7.5 High
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-41090 1 Microsoft 3 365 Copilot, 365 Copilot Ios, 365 Copilot Ios 2026-05-27 9.3 Critical
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
CVE-2026-42827 1 Microsoft 1 365 Copilot 2026-05-27 6.5 Medium
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-42831 1 Microsoft 6 365 Copilot, Office, Office For Android and 3 more 2026-05-22 7.8 High
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40363 1 Microsoft 11 365 Apps, 365 Copilot, Office and 8 more 2026-05-22 8.4 High
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62554 1 Microsoft 10 365 Apps, 365 Copilot, Office and 7 more 2026-05-22 8.4 High
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49702 1 Microsoft 10 365 Apps, 365 Copilot, Office and 7 more 2026-05-22 7.8 High
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2023-36565 1 Microsoft 3 365 Copilot, Office, Office Long Term Servicing Channel 2026-05-22 7 High
Microsoft Office Graphics Elevation of Privilege Vulnerability
CVE-2024-38250 1 Microsoft 26 365 Copilot, Office, Office Long Term Servicing Channel and 23 more 2026-05-22 7.8 High
Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-60724 1 Microsoft 32 365 Copilot, Graphics Component, Office and 29 more 2026-05-22 9.8 Critical
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
CVE-2025-49696 1 Microsoft 10 365 Apps, 365 Copilot, Office and 7 more 2026-05-22 8.4 High
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-26110 1 Microsoft 10 365 Apps, 365 Copilot, Office and 7 more 2026-05-22 8.4 High
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-53766 1 Microsoft 30 365 Copilot, Gdi+, Gdiplus and 27 more 2026-05-22 9.8 Critical
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.