Total: 39
Critical: 7
High: 25
Medium: 7
CISA KEV: 0
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network.
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally.
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally.
Use after free in Windows Win32K allows an authorized attacker to elevate privileges locally.
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use of uninitialized resource in Windows Imaging Component allows an unauthorized attacker to disclose information locally.
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network.
Windows Graphics Component Elevation of Privilege Vulnerability
Microsoft Office Graphics Elevation of Privilege Vulnerability
Office for Android Spoofing Vulnerability
Microsoft Office app Remote Code Execution Vulnerability