CVE-2025-32711 is an AI command injection vulnerability in Microsoft 365 Copilot that enables unauthenticated network-based attacks to disclose sensitive information without user interaction. The vulnerability affects M365 Copilot deployments and allows attackers to inject malicious commands that bypass normal authorization controls. With a critical CVSS score of 9.3 and no authentication requirement, this poses an immediate risk to organizations using Copilot features; exploitation status and POC availability require confirmation through Microsoft security advisories.
Critical command injection vulnerability in u-link Management API that allows unauthenticated remote attackers positioned as man-in-the-middle (MITM) to inject arbitrary commands into WWH server responses, which are then executed with elevated privileges. The vulnerability requires clients to use insecure proxy configurations to exploit, resulting in complete system compromise (CVSS 9.8). While no public POC or KEV listing is available at publication, the attack vector is network-based with low complexity, making this a significant priority for organizations using u-link with proxy infrastructure.
Perl CryptX before version 0.087 contains an embedded version of the libtommath library vulnerable to integer overflow (CVE-2023-36328), enabling remote code execution with no authentication required. This affects all users of vulnerable CryptX versions; attackers can exploit the integer overflow to achieve complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability carries a critical CVSS 9.8 score with network-accessible attack vector and no user interaction requirements.
A security vulnerability in CryptX (CVSS 9.8). Critical severity with potential for significant impact on affected systems. Vendor patch is available.
An integer overflow vulnerability exists in the OrderedHashTable component of Firefox's JavaScript engine, allowing remote attackers to achieve arbitrary code execution without requiring user interaction or elevated privileges. This critical flaw affects Firefox versions prior to 139.0.4 and carries a maximum CVSS score of 9.8, indicating severe real-world risk with network-based attack vectors requiring no user interaction.
Critical memory corruption vulnerability in Firefox canvas operations that allows unauthenticated remote attackers to achieve arbitrary code execution with no user interaction required. Firefox versions prior to 139.0.4 are affected. The vulnerability has a near-perfect CVSS score of 9.8 due to network accessibility, low attack complexity, and complete compromise of confidentiality, integrity, and availability.
A remote code execution vulnerability in the OSSEC HIDS agent for Windows (CVSS 9.5) that allows an attacker. Critical severity with potential for significant impact on affected systems.
A remote code execution vulnerability (CVSS 9.2). Critical severity with potential for significant impact on affected systems.