Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (50 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54130 1 Microsoft 1 365 Copilot 2026-06-18 9.8 Critical
Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-41100 1 Microsoft 8 365 Copilot, 365 Copilot Android, 365 Copilot Android and 5 more 2026-06-09 4.4 Medium
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
CVE-2026-45497 1 Microsoft 2 365 Copilot, Copilot 2026-06-08 7.7 High
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
CVE-2026-42824 1 Microsoft 2 365 Copilot, Copilot 2026-06-08 6.5 Medium
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-26164 1 Microsoft 2 365 Copilot Business Chat, 365 Copilot Chat 2026-06-01 7.5 High
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-26129 1 Microsoft 2 365 Copilot Business Chat, 365 Copilot Chat 2026-06-01 7.5 High
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-41090 1 Microsoft 3 365 Copilot, 365 Copilot Ios, 365 Copilot Ios 2026-05-27 9.3 Critical
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
CVE-2026-42827 1 Microsoft 1 365 Copilot 2026-05-27 6.5 Medium
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
CVE-2026-42831 1 Microsoft 6 365 Copilot, Office, Office For Android and 3 more 2026-05-22 7.8 High
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2026-40363 1 Microsoft 11 365 Apps, 365 Copilot, Office and 8 more 2026-05-22 8.4 High
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47953 1 Microsoft 10 365 Apps, 365 Copilot, Office and 7 more 2026-05-22 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47167 1 Microsoft 10 365 Apps, 365 Copilot, Office and 7 more 2026-05-22 8.4 High
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47164 1 Microsoft 10 365 Apps, 365 Copilot, Office and 7 more 2026-05-22 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49702 1 Microsoft 10 365 Apps, 365 Copilot, Office and 7 more 2026-05-22 7.8 High
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-47162 1 Microsoft 10 365 Apps, 365 Copilot, Office and 7 more 2026-05-22 8.4 High
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-49696 1 Microsoft 10 365 Apps, 365 Copilot, Office and 7 more 2026-05-22 8.4 High
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-53799 1 Microsoft 26 365 Copilot, Office, Windows 10 1507 and 23 more 2026-05-22 5.5 Medium
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
CVE-2025-30388 1 Microsoft 29 365 Copilot, Office, Office Long Term Servicing Channel and 26 more 2026-05-22 7.8 High
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2025-30386 1 Microsoft 10 365 Apps, 365 Copilot, Office and 7 more 2026-05-22 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-53732 1 Microsoft 2 365 Copilot, Office 2026-05-22 7.8 High
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.