The Opal Estate Pro – Property Management <= 1.7.5 - Unauthenticated Privilege Escalation

The Opal Estate Pro plugin ≤ 1.7.5 is vulnerable to privilege escalation. Due to missing role restrictions in the onregisteruser function, users can register with any role. This allows unauthenticated attackers to create administrator accounts. id: CVE-2025-6934 info: name: The Opal Estate Pro –...

CVE-2026-44244 vulnerabilities

Vulnerabilities for packages: mlflow-fips, awx, datahub-ingestion-fips, opal...

GHSA-V87R-6Q3F-2J67 vulnerabilities

Vulnerabilities for packages: mlflow-fips, awx, datahub-ingestion-fips, opal...

CVE-2026-42284 vulnerabilities

Vulnerabilities for packages: mlflow-fips, awx, checkov, open-webui, mlflow, datahub-ingestion-fips, opal...

CVE-2026-42215 vulnerabilities

Vulnerabilities for packages: mlflow-fips, awx, checkov, open-webui, mlflow, datahub-ingestion-fips, opal...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: A null pointer check was added in opalpowercapinit. The kasprintf function returns a pointer to dynamically allocated memory; this pointer may be NULL in case of failure...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Added a null pointer check in opaleventinit. kasprintf returns a pointer to dynamically allocated memory; this pointer may be NULL in case of failure...

Exploit for CVE-2025-6934

CVE-2025-6934 🛡️ CVE-2025-6934 - Unauthenticated Privilege Es...

Exploit for CVE-2025-6934

CVE-2025-6934-Opal-E...

CVE-2026-23949 vulnerabilities

Vulnerabilities for packages: text-generation-inference, py3.9-setuptools, dbt-bigquery, kubeflow-jupyter-web-app, open-webui, airflow, authentik, mlflow, semgrep, azure-functions-python-worker, duplicity, spamcheck, request-1276, label-studio, dask-kubernetes, ansible-operator-fips,...

Azure Linux 3.0 Security Update: kernel (CVE-2023-52696)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-52696 advisory. - In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer chec...

Exploit for CVE-2025-6934

CVE-2025-6934 This repository contains a P...

CVE-2025-67525

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in OpalWP ekommart ekommart allows PHP Local File Inclusion.This issue affects ekommart: from n/a through 4.3.1...

EUVD-2025-202115

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in OpalWP Fashion fashion2 allows PHP Local File Inclusion.This issue affects Fashion: from n/a through 5.3.0...

CVE-2025-67529

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in OpalWP Fashion fashion2 allows PHP Local File Inclusion.This issue affects Fashion: from n/a through 5.3.0...

CVE-2025-67525

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in OpalWP ekommart ekommart allows PHP Local File Inclusion.This issue affects ekommart: from n/a through 4.3.1...

PT-2025-49905

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Opal WP Fashion fashion2 allows PHP Local File Inclusion.This issue affects Fashion: from n/a through 5.3.0...

PT-2025-49901

Name of the Vulnerable Software and Affected Versions Opal WP ekommart versions prior to 4.3.1 Description A flaw exists in Opal WP ekommart that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue impacts the software’s handling of...

Malicious code in opal-teadev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3460e36d9f25cb51487dd18663ed170d0c4b88157d54d9f76708f3f418f31417 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-81048

Malicious code in opal-teadev npm...