Skip to main content
CVE-2025-6934 CRITICAL POC THREAT Emergency

The Opal Estate Pro - Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
23.6%
Threat
4.2
CVE-2025-34054 CRITICAL POC Act Now

An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing commands as root. Exploitation evidence was observed by the Shadowserver Foundation on 2025-01-04 UTC.

Command Injection
NVD GitHub Exploit-DB
CVSS 4.0
10.0
EPSS
0.3%
CVE-2025-53005 CRITICAL POC PATCH Act Now

A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.

Authentication Bypass PostgreSQL Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-45872 CRITICAL POC Act Now

zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter.

SSRF Zrlog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-34056 CRITICAL POC Act Now

An OS command injection vulnerability exists in AVTECH IP camera, DVR, and NVR devices via the PwdGrp.cgi endpoint, which handles user and group management operations. Authenticated users can supply input through the pwd or grp parameters, which are directly embedded into system commands without proper sanitation. This allows for the execution of arbitrary shell commands with root privileges.

Command Injection
NVD GitHub Exploit-DB
CVSS 4.0
9.4
EPSS
0.4%
CVE-2025-34055 CRITICAL POC Act Now

An OS command injection vulnerability exists in AVTECH DVR, NVR, and IP camera devices within the adcommand.cgi endpoint, which interfaces with the ActionD daemon. Authenticated users can invoke the DoShellCmd operation, passing arbitrary input via the strCmd parameter. This input is executed directly by the system shell without sanitation allowing attackers to execute commands as the root user.

Command Injection
NVD GitHub Exploit-DB
CVSS 4.0
9.4
EPSS
0.4%
CVE-2025-49029 CRITICAL POC Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in bitto.Kazi Custom Login And Signup Widget allows Code Injection.This issue affects Custom Login And Signup Widget: from n/a through 1.0.

RCE Code Injection
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2025-34060 CRITICAL Act Now

A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents() without validation. MIME type checks using PHP’s finfo can be bypassed via crafted stream filter chains that prepend spoofed headers, allowing access to internal Laravel configuration files. An attacker can extract the APP_KEY from config/app.php, forge encrypted cookies, and trigger unsafe unserialize() calls, leading to reliable remote code execution.

Deserialization PHP RCE
NVD
CVSS 4.0
10.0
EPSS
0.6%
CVE-2025-41656 CRITICAL Act Now

An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.

Authentication Bypass
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2025-34063 CRITICAL PATCH Act Now

A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary users within a OneLogin tenant. The tokens allow authentication to the OneLogin SSO portal and all downstream applications federated via SAML or OIDC. This allows full unauthorized access across the victim’s SaaS environment.

Authentication Bypass
NVD
CVSS 4.0
10.0
EPSS
0.1%
CVE-2025-37099 CRITICAL Act Now

A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.

RCE Code Injection Insight Remote Support
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2025-41648 CRITICAL PATCH Act Now

CVE-2025-41648 is a security vulnerability (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-52101 CRITICAL Act Now

A remote code execution vulnerability (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Authentication Bypass
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-53095 CRITICAL PATCH Act Now

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows an attacker to craft a malicious web page that, when visited by an authenticated user, can trigger unintended actions within the Sunshine application on behalf of that user. Specifically, since the application does OS command execution by design, this issue can be exploited to abuse the "Command Preparations" feature, enabling an attacker to inject arbitrary commands that will be executed with Administrator privileges when an application is launched. This issue has been patched in version 2025.628.4510.

CSRF Command Injection Sunshine
NVD GitHub
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-53104 CRITICAL Act Now

gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub Actions workflow. Untrusted discussion fields (title, body, etc.) were directly interpolated into shell commands in a run: block. An attacker could craft a malicious GitHub Discussion title or body (e.g., $(curl ...)) to execute arbitrary shell commands on the Actions runner. This issue has been fixed in commit e6b4271 where the discussion-to-slack.yml workflow was removed. Users should remove the discussion-to-slack.yml workflow if using a fork or derivative of this repository.

Command Injection
NVD GitHub
CVSS 3.1
9.1
EPSS
0.2%
CVE-2025-45006 CRITICAL Act Now

A remote code execution vulnerability (CVSS 9.1). Critical severity with potential for significant impact on affected systems.

Information Disclosure
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-34064 CRITICAL PATCH Act Now

A cloud infrastructure misconfiguration in OneLogin AD Connector results in log data being sent to a hardcoded S3 bucket (onelogin-adc-logs-production) without validating bucket ownership. An attacker who registers this unclaimed bucket can begin receiving log files from other OneLogin tenants. These logs may contain sensitive data such as directory tokens, user metadata, and environment configuration. This enables cross-tenant leakage of secrets, potentially allowing JWT signing key recovery and user impersonation.

Information Disclosure
NVD
CVSS 4.0
9.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy