Lucene search
K

8073 matches found

NVD
NVD
added 2025/10/27 3:15 p.m.11 views

CVE-2025-34292

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

9.4CVSS0.0053EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/27 2:36 p.m.3 views

CVE-2025-34292 BeWelcome/Rox PHP Object Injection RCE

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

9.4CVSS8AI score0.0053EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/27 2:36 p.m.7 views

EUVD-2025-36182

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

9.4CVSS7.9AI score0.0053EPSS
Exploits0References6
CVE
CVE
added 2025/10/27 2:36 p.m.15 views

CVE-2025-34292

The CVE-2025-34292 issue affects Rox (BeWelcome) where unsafely deserializing untrusted data enables PHP object injection. User input flows into unserialize() via the POST parameter formkit_memory_recovery in RoxPostHandler::getCallbackAction and via the bwRemember memory cookie used by RoxModelB...

9.4CVSS8AI score0.0053EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.4 views

BeWelcome 安全漏洞

BeWelcome is a travel sharing site open-sourced by BeWelcome. BeWelcome has a security vulnerability that stems from improper handling of deserialization of the POST parameters formkitmemoryrecovery and memory cookie bwRemember, which could lead to a PHP object injection attack...

9.4CVSS7AI score0.0053EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/24 2:33 p.m.6 views

CVE-2025-32283

Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through = 3.5...

8.8CVSS7AI score0.00556EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 2:33 p.m.5 views

CVE-2025-60226

Deserialization of Untrusted Data vulnerability in axiomthemes White Rabbit whiterabbit allows Object Injection.This issue affects White Rabbit: from n/a through = 1.5.2...

9.8CVSS7AI score0.00529EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 2:33 p.m.5 views

CVE-2025-60039

Deserialization of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection.This issue affects Noisa: from n/a through = 2.6.0...

9.8CVSS7AI score0.00514EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 2:33 p.m.6 views

CVE-2025-60213

Deserialization of Untrusted Data vulnerability in Whitebox-Studio Scape scape allows Object Injection.This issue affects Scape: from n/a through = 1.5.13...

9.8CVSS7AI score0.00529EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 2:33 p.m.4 views

CVE-2025-60215

Deserialization of Untrusted Data vulnerability in designthemes Kriya kriya allows Object Injection.This issue affects Kriya: from n/a through = 3.4...

8.8CVSS7AI score0.00486EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 2:33 p.m.4 views

CVE-2025-60216

Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through 1.4.8...

9.8CVSS5.9AI score0.00529EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 2:33 p.m.4 views

CVE-2025-60214

Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection.This issue affects Goldenblatt: from n/a through 1.3.0...

9.8CVSS5.9AI score0.00541EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 2:33 p.m.7 views

CVE-2025-60225

Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection.This issue affects BugsPatrol: from n/a through = 1.5.0...

9.8CVSS7AI score0.00541EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 2:33 p.m.4 views

CVE-2025-60234

Deserialization of Untrusted Data vulnerability in designthemes Single Property single-property allows Object Injection.This issue affects Single Property: from n/a through = 2.8...

8.8CVSS7AI score0.00486EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 2:33 p.m.4 views

CVE-2025-31634

Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection.This issue affects Insurance: from n/a through = 3.5...

8.8CVSS7AI score0.00573EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 1:35 p.m.5 views

CVE-2025-60212

Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection.This issue affects VEDA: from n/a through = 4.2...

8.8CVSS7AI score0.00486EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/24 1:35 p.m.14 views

CVE-2025-60228

Deserialization of Untrusted Data vulnerability in designthemes Knowledge Base kbase allows Object Injection.This issue affects Knowledge Base: from n/a through = 2.9...

8.8CVSS6.9AI score0.00486EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/24 12:0 a.m.13 views

WordPress plugin Addison deserialization vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A deserialization vulnerability exists in the WordPress plugin Addison, which arises from unsaf...

9.8CVSS6.8AI score0.00529EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/23 3:14 p.m.4 views

CVE-2025-52740

Deserialization of Untrusted Data vulnerability in Hernan Villanueva Boldermail boldermail allows Object Injection.This issue affects Boldermail: from n/a through = 2.4.0...

8.8CVSS7AI score0.00486EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/23 3:14 p.m.4 views

CVE-2025-52737

Deserialization of Untrusted Data vulnerability in Tijmen Smit WP Store Locator wp-store-locator allows Object Injection.This issue affects WP Store Locator: from n/a through = 2.2.260...

8.8CVSS7AI score0.00421EPSS
Exploits0References1
Rows per page
Query Builder