Skip to main content
CVE-2025-34061 CRITICAL POC THREAT Emergency

PHPStudy development environment versions 2016 through 2018 contain an embedded backdoor that executes arbitrary PHP code from HTTP request headers. The backdoor listens for base64-encoded payloads in the Accept-Charset header, decodes and executes them without any authentication, providing complete remote code execution on any server running the compromised PHPStudy.

PHP RCE Code Injection
NVD
CVSS 4.0
9.3
EPSS
59.2%
Threat
5.1
CVE-2025-34089 CRITICAL POC THREAT Emergency

An unauthenticated remote code execution vulnerability exists in Remote for Mac, a macOS remote control utility developed by Aexol Studio, in versions up to and including 2025.7. When the application is configured with authentication disabled (i.e., the "Allow unknown devices" option is enabled), the /api/executeScript endpoint is exposed without access control. This allows unauthenticated remote attackers to inject arbitrary AppleScript payloads via the X-Script HTTP header, resulting in code execution using do shell script. Successful exploitation grants attackers the ability to run arbitrary commands on the macOS host with the privileges of the Remote for Mac background process.

RCE Code Injection Apple macOS
NVD
CVSS 4.0
9.3
EPSS
56.5%
Threat
5.1
CVE-2025-34082 CRITICAL POC PATCH THREAT Act Now

A command injection vulnerability exists in IGEL OS versions prior to 11.04.270 within the Secure Terminal and Secure Shadow services. The flaw arises due to improper input sanitization in the handling of specially crafted PROXYCMD commands on TCP ports 30022 and 5900. An unauthenticated attacker with network access to a vulnerable device can inject arbitrary commands, leading to remote code execution with elevated privileges. NOTE: IGEL OS v10.x has reached end-of-life (EOL) status.

RCE Command Injection
NVD
CVSS 4.0
9.3
EPSS
46.0%
Threat
4.7
CVE-2025-23968 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in WPCenter AiBud WP allows Upload a Web Shell to a Web Server.This issue affects AiBud WP: from n/a through 1.8.5.

File Upload
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy