Skip to main content
CVE-2025-32711 CRITICAL POC Act Now

CVE-2025-32711 is an AI command injection vulnerability in Microsoft 365 Copilot that enables unauthenticated network-based attacks to disclose sensitive information without user interaction. The vulnerability affects M365 Copilot deployments and allows attackers to inject malicious commands that bypass normal authorization controls. With a critical CVSS score of 9.3 and no authentication requirement, this poses an immediate risk to organizations using Copilot features; exploitation status and POC availability require confirmation through Microsoft security advisories.

Command Injection Microsoft Information Disclosure 365 Copilot
NVD GitHub
CVSS 3.1
9.3
EPSS
3.4%
CVE-2025-41663 CRITICAL Act Now

Critical command injection vulnerability in u-link Management API that allows unauthenticated remote attackers positioned as man-in-the-middle (MITM) to inject arbitrary commands into WWH server responses, which are then executed with elevated privileges. The vulnerability requires clients to use insecure proxy configurations to exploit, resulting in complete system compromise (CVSS 9.8). While no public POC or KEV listing is available at publication, the attack vector is network-based with low complexity, making this a significant priority for organizations using u-link with proxy infrastructure.

Command Injection RCE Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-40914 CRITICAL PATCH Act Now

Perl CryptX before version 0.087 contains an embedded version of the libtommath library vulnerable to integer overflow (CVE-2023-36328), enabling remote code execution with no authentication required. This affects all users of vulnerable CryptX versions; attackers can exploit the integer overflow to achieve complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability carries a critical CVSS 9.8 score with network-accessible attack vector and no user interaction requirements.

Integer Overflow Suse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-40912 CRITICAL PATCH Act Now

A security vulnerability in CryptX (CVSS 9.8). Critical severity with potential for significant impact on affected systems. Vendor patch is available.

Information Disclosure
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-49710 CRITICAL PATCH Act Now

An integer overflow vulnerability exists in the OrderedHashTable component of Firefox's JavaScript engine, allowing remote attackers to achieve arbitrary code execution without requiring user interaction or elevated privileges. This critical flaw affects Firefox versions prior to 139.0.4 and carries a maximum CVSS score of 9.8, indicating severe real-world risk with network-based attack vectors requiring no user interaction.

Mozilla Integer Overflow Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-49709 CRITICAL PATCH Act Now

Critical memory corruption vulnerability in Firefox canvas operations that allows unauthenticated remote attackers to achieve arbitrary code execution with no user interaction required. Firefox versions prior to 139.0.4 are affected. The vulnerability has a near-perfect CVSS score of 9.8 due to network accessibility, low attack complexity, and complete compromise of confidentiality, integrity, and availability.

Mozilla Memory Corruption Buffer Overflow
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-1244 CRITICAL Act Now

A remote code execution vulnerability in the OSSEC HIDS agent for Windows (CVSS 9.5) that allows an attacker. Critical severity with potential for significant impact on affected systems.

Microsoft RCE Windows
NVD
CVSS 4.0
9.5
EPSS
0.5%
CVE-2025-30085 CRITICAL Act Now

A remote code execution vulnerability (CVSS 9.2). Critical severity with potential for significant impact on affected systems.

RCE Joomla PHP Privilege Escalation
NVD
CVSS 4.0
9.2
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy