Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Microsoft Subscribe
Filtered by product 365 Copilot
Total 39 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-62554 1 Microsoft 4 365 Apps, 365 Copilot, Office and 1 more 2026-05-22 N/A 8.4 HIGH
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-62557 1 Microsoft 4 365 Apps, 365 Copilot, Office and 1 more 2026-05-22 N/A 8.4 HIGH
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49697 1 Microsoft 5 365 Apps, 365 Copilot, Office and 2 more 2026-05-22 N/A 8.4 HIGH
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-53799 1 Microsoft 16 365 Copilot, Windows 10 1507, Windows 10 1607 and 13 more 2026-05-22 N/A 5.5 MEDIUM
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
CVE-2025-59234 1 Microsoft 4 365 Apps, 365 Copilot, Office and 1 more 2026-05-22 N/A 7.8 HIGH
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-26134 1 Microsoft 1 365 Copilot 2026-05-22 N/A 7.8 HIGH
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2025-62199 1 Microsoft 4 365 Apps, 365 Copilot, Excel and 1 more 2026-05-22 N/A 7.8 HIGH
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-42831 1 Microsoft 3 365 Copilot, Office, Office Long Term Servicing Channel 2026-05-22 N/A 7.8 HIGH
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49702 1 Microsoft 4 365 Apps, 365 Copilot, Office and 1 more 2026-05-22 N/A 7.8 HIGH
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47162 1 Microsoft 4 365 Apps, 365 Copilot, Office and 1 more 2026-05-22 N/A 8.4 HIGH
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40363 1 Microsoft 4 365 Apps, 365 Copilot, Office and 1 more 2026-05-22 N/A 8.4 HIGH
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-41100 1 Microsoft 1 365 Copilot 2026-05-16 N/A 4.4 MEDIUM
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
CVE-2026-41614 1 Microsoft 1 365 Copilot 2026-05-14 N/A 6.2 MEDIUM
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
CVE-2026-33102 1 Microsoft 1 365 Copilot 2026-04-29 N/A 9.3 CRITICAL
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-26133 1 Microsoft 10 365 Copilot, Edge, Excel and 7 more 2026-04-09 N/A 7.1 HIGH
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-24299 1 Microsoft 1 365 Copilot 2026-03-24 N/A 5.3 MEDIUM
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2025-32711 1 Microsoft 1 365 Copilot 2026-02-20 N/A 9.3 CRITICAL
Ai command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-24307 1 Microsoft 1 365 Copilot 2026-02-12 N/A 9.3 CRITICAL
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2021-43905 1 Microsoft 1 365 Copilot 2025-06-11 6.8 MEDIUM 9.6 CRITICAL
Microsoft Office app Remote Code Execution Vulnerability