The Opal Estate Pro – Property Management <= 1.7.5 - Unauthenticated Privilege Escalation

The Opal Estate Pro plugin ≤ 1.7.5 is vulnerable to privilege escalation. Due to missing role restrictions in the onregisteruser function, users can register with any role. This allows unauthenticated attackers to create administrator accounts. id: CVE-2025-6934 info: name: The Opal Estate Pro –...

CVE-2026-44244 vulnerabilities

Vulnerabilities for packages: awx, mlflow-fips, datahub-ingestion-fips, opal...

GHSA-V87R-6Q3F-2J67 vulnerabilities

Vulnerabilities for packages: awx, mlflow-fips, datahub-ingestion-fips, opal...

CVE-2026-42284 vulnerabilities

Vulnerabilities for packages: mlflow-fips, opal, datahub-ingestion-fips, awx, open-webui, mlflow, checkov...

CVE-2026-42215 vulnerabilities

Vulnerabilities for packages: mlflow-fips, opal, datahub-ingestion-fips, awx, open-webui, mlflow, checkov...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opaleventinit kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opalpowercapinit kasprintf returns a pointer to dynamically allocated memory which can be NULL upon failure...

Exploit for CVE-2025-6934

CVE-2025-6934 🛡️ CVE-2025-6934 - Unauthenticated Privilege Es...

Exploit for CVE-2025-6934

CVE-2025-6934-Opal-E...

CVE-2026-23949 vulnerabilities

Vulnerabilities for packages: duplicity, emissary, airflow, py3.9-setuptools, py3-cassandra-medusa, tritonserver-backend-vllm-cuda-12.9, nemo, pgadmin4, superset, datadog-agent, py3-setuptools, kubeflow-katib, azure-functions-python-worker, kserve, opal, semgrep, pypy-3.10, pypy-3.11,...

Azure Linux 3.0 Security Update: kernel (CVE-2023-52696)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-52696 advisory. - In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer chec...

Exploit for CVE-2025-6934

CVE-2025-6934 This repository contains a P...

CVE-2025-67525

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in OpalWP ekommart ekommart allows PHP Local File Inclusion.This issue affects ekommart: from n/a through 4.3.1...

EUVD-2025-202115

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in OpalWP Fashion fashion2 allows PHP Local File Inclusion.This issue affects Fashion: from n/a through 5.3.0...

CVE-2025-67529

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in OpalWP Fashion fashion2 allows PHP Local File Inclusion.This issue affects Fashion: from n/a through 5.3.0...

CVE-2025-67525

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in OpalWP ekommart ekommart allows PHP Local File Inclusion.This issue affects ekommart: from n/a through 4.3.1...

PT-2025-49901

Name of the Vulnerable Software and Affected Versions Opal WP ekommart versions prior to 4.3.1 Description A flaw exists in Opal WP ekommart that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue impacts the software’s handling of...

PT-2025-49905

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Opal WP Fashion fashion2 allows PHP Local File Inclusion.This issue affects Fashion: from n/a through 5.3.0...

EUVD-2025-81048

Malicious code in opal-teadev npm...

Malicious code in opal-teadev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3460e36d9f25cb51487dd18663ed170d0c4b88157d54d9f76708f3f418f31417 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...