Lantronix EDS5000 devices are vulnerable to remote code execution via command injection in the login protocol (CVE-2025-67038, CVSS 9.8), and active exploitation is occurring.
Microsoft 365 Copilot contains multiple remotely exploitable vulnerabilities that allow unauthenticated attackers to perform privilege escalation, command injection, and data access.
An unpatched command injection vulnerability in SD-WAN Manager is being actively exploited, requiring immediate measures to close authentication gaps and monitor logs.