8073 matches found
CVE-2025-34292
Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...
CVE-2025-34292 BeWelcome/Rox PHP Object Injection RCE
Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...
EUVD-2025-36182
Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...
CVE-2025-34292
The CVE-2025-34292 issue affects Rox (BeWelcome) where unsafely deserializing untrusted data enables PHP object injection. User input flows into unserialize() via the POST parameter formkit_memory_recovery in RoxPostHandler::getCallbackAction and via the bwRemember memory cookie used by RoxModelB...
BeWelcome 安全漏洞
BeWelcome is a travel sharing site open-sourced by BeWelcome. BeWelcome has a security vulnerability that stems from improper handling of deserialization of the POST parameters formkitmemoryrecovery and memory cookie bwRemember, which could lead to a PHP object injection attack...
CVE-2025-32283
Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through = 3.5...
CVE-2025-60226
Deserialization of Untrusted Data vulnerability in axiomthemes White Rabbit whiterabbit allows Object Injection.This issue affects White Rabbit: from n/a through = 1.5.2...
CVE-2025-60039
Deserialization of Untrusted Data vulnerability in rascals Noisa noisa allows Object Injection.This issue affects Noisa: from n/a through = 2.6.0...
CVE-2025-60213
Deserialization of Untrusted Data vulnerability in Whitebox-Studio Scape scape allows Object Injection.This issue affects Scape: from n/a through = 1.5.13...
CVE-2025-60215
Deserialization of Untrusted Data vulnerability in designthemes Kriya kriya allows Object Injection.This issue affects Kriya: from n/a through = 3.4...
CVE-2025-60216
Deserialization of Untrusted Data vulnerability in BoldThemes Addison addison allows Object Injection.This issue affects Addison: from n/a through 1.4.8...
CVE-2025-60214
Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt goldenblatt allows Object Injection.This issue affects Goldenblatt: from n/a through 1.3.0...
CVE-2025-60225
Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection.This issue affects BugsPatrol: from n/a through = 1.5.0...
CVE-2025-60234
Deserialization of Untrusted Data vulnerability in designthemes Single Property single-property allows Object Injection.This issue affects Single Property: from n/a through = 2.8...
CVE-2025-31634
Deserialization of Untrusted Data vulnerability in designthemes Insurance insurance allows Object Injection.This issue affects Insurance: from n/a through = 3.5...
CVE-2025-60212
Deserialization of Untrusted Data vulnerability in designthemes VEDA veda allows Object Injection.This issue affects VEDA: from n/a through = 4.2...
CVE-2025-60228
Deserialization of Untrusted Data vulnerability in designthemes Knowledge Base kbase allows Object Injection.This issue affects Knowledge Base: from n/a through = 2.9...
WordPress plugin Addison deserialization vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A deserialization vulnerability exists in the WordPress plugin Addison, which arises from unsaf...
CVE-2025-52740
Deserialization of Untrusted Data vulnerability in Hernan Villanueva Boldermail boldermail allows Object Injection.This issue affects Boldermail: from n/a through = 2.4.0...
CVE-2025-52737
Deserialization of Untrusted Data vulnerability in Tijmen Smit WP Store Locator wp-store-locator allows Object Injection.This issue affects WP Store Locator: from n/a through = 2.2.260...