
5 matches found

RedhatCVE
added 2025/10/28 3:4 p.m., 2 views

CVE-2025-34292

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkit_memory_recovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read b...

CVSS 9.4 | AI score 8.5 | EPSS 0.01894
Exploits: 0 | References: 1
CVE
added 2025/10/27 2:36 p.m., 7 views

CVE-2025-34292

The CVE-2025-34292 issue affects Rox (BeWelcome) where unsafely deserializing untrusted data enables PHP object injection. User input flows into unserialize() via the POST parameter formkit_memory_recovery in RoxPostHandler::getCallbackAction and via the bwRemember memory cookie used by RoxModelB...

CVSS 9.4 | AI score 8 | EPSS 0.01894
Exploits: 0 | References: 4
Cvelist
added 2025/10/27 2:36 p.m., 4 views

CVE-2025-34292 BeWelcome/Rox PHP Object Injection RCE

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkit_memory_recovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

CVSS 9.4 | EPSS 0.01894
Exploits: 0 | References: 4
CNNVD
added 2025/10/27 12:0 a.m., 1 view

BeWelcome Security Vulnerability

BeWelcome is a travel sharing site open-sourced by BeWelcome. BeWelcome has a security vulnerability that stems from improper handling of deserialization of the POST parameter formkit_memory_recovery and the memory cookie bwRemember, which could lead to a PHP object injection attack...

CVSS 9.4 | AI score 7 | EPSS 0.01894
Exploits: 0 | References: 4
Packet Storm
added 2012/02/11 12:0 a.m., 28 views

BeWelcome Cross Site Scripting

Exploit Title: BeWelcome Cross Site Scripting Date: 10.02.2012 Author: Sony Software Link: http://www.bewelcome.org Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/bw-rox-cross-site-scripting.html...

AI score 0.1
Exploits: 0