18 matches found
EUVD-2025-19999
Malicious code in bioql PyPI...
WordPress Kossy File Inclusion Vulnerability
Kossy is a WordPress theme designed for e-commerce with a minimalist style for furniture stores, clothing stores, digital product stores and other scenarios. WordPress Kossy has a file inclusion vulnerability, the vulnerability stems from improper file name control in the PHP program, an attacker...
CVE-2025-52807
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusWP Kossy - Minimalist eCommerce WordPress Theme kossy allows PHP Local File Inclusion.This issue affects Kossy - Minimalist eCommerce WordPress Theme: from n/a through = 1.45...
CVE-2025-52807
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusWP Kossy - Minimalist eCommerce WordPress Theme kossy allows PHP Local File Inclusion.This issue affects Kossy - Minimalist eCommerce WordPress Theme: from n/a through = 1.45...
CVE-2025-52807 WordPress Kossy - Minimalist eCommerce WordPress Theme <= 1.45 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusWP Kossy - Minimalist eCommerce WordPress Theme kossy allows PHP Local File Inclusion.This issue affects Kossy - Minimalist eCommerce WordPress Theme: from n/a through = 1.45...
CVE-2025-52807
CVE-2025-52807 affects the Kossy - Minimalist eCommerce WordPress Theme (
CVE-2025-52807 WordPress Kossy - Minimalist eCommerce WordPress Theme <= 1.45 - Local File Inclusion Vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ApusWP Kossy - Minimalist eCommerce WordPress Theme kossy allows PHP Local File Inclusion.This issue affects Kossy - Minimalist eCommerce WordPress Theme: from n/a through = 1.45...
PT-2025-27937 · WordPress · Kossy - Minimalist Ecommerce Wordpress Theme
Name of the Vulnerable Software and Affected Versions: Kossy - Minimalist eCommerce WordPress Theme versions 1.45 and earlier Description: The issue affects the Kossy - Minimalist eCommerce WordPress Theme due to improper control of filename for include/require statement in PHP program, allowing...
WordPress plugin Kossy 安全漏洞
Kossy is a WordPress theme designed for e-commerce with a minimalist style for furniture stores, clothing stores, digital product stores and other scenarios. WordPress Kossy has a file inclusion vulnerability, the vulnerability stems from improper file name control in the PHP program, an attacker...
WordPress Kossy - Minimalist eCommerce WordPress Theme <= 1.45 - Local File Inclusion Vulnerability
WordPress Kossy - Minimalist eCommerce WordPress Theme = 1.45 - Local File Inclusion Vulnerability discovered by Phat RiO - BlueRock in WordPress Theme Kossy - Minimalist eCommerce WordPress Theme versions = 1.45...
WordPress Kossy - Minimalist eCommerce WordPress Theme Theme <= 1.45 is vulnerable to Local File Inclusion
Software Kossy - Minimalist eCommerce WordPress Theme Type Theme Vulnerable versions = 1.45 Fixed in N/A OWASP Top 10 A4: Insecure Design Classification Local File Inclusion CVE CVE-2025-52807 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID 73d9e90a489c Credits Phat RiO ...
CVE-2021-47157
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling...
CVE-2021-47157
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling...
CVE-2021-47157
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling...
Kossy Security Breach
Kossy is a web application framework developed by Masahiro Nagano, an individual developer in Japan. A security vulnerability exists in Kossy module version 0.60, which stems from mishandling of X-Requested-Wise, allowing an attacker to perform JSON hijacking...
CVE-2021-47157
The Kossy module before 0.60 for Perl allows JSON hijacking because of X-Requested-With mishandling...
CVE-2021-47157
The CVE-2021-47157 entry affects the Kossy Perl module before 0.60. The root cause is mishandling of the X-Requested-With header, enabling JSON hijacking and compromising confidentiality, integrity, and availability (CVSS v3.1: 9.8, critical; AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Affected softwar...
PT-2024-11205 · Kossy · Kossy
Name of the Vulnerable Software and Affected Versions: Kossy module versions prior to 0.60 Description: The issue allows JSON hijacking due to mishandling of the X-Requested-With header. This can be exploited because of improper handling in the Kossy module for Perl. Recommendations: For versions...