CVE-2025-34292

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \\RoxPostHandler::getCallbackAction and the 'memory cookie' read b...

CVE-2025-34292

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

CVE-2025-34292

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

CVE-2025-34292 BeWelcome/Rox PHP Object Injection RCE

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

CVE-2025-34292 BeWelcome/Rox PHP Object Injection RCE

Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize: the POST parameter formkitmemoryrecovery in \RoxPostHandler::getCallbackAction and the 'memory cookie' read by...

CVE-2025-34292

The CVE-2025-34292 issue affects Rox (BeWelcome) where unsafely deserializing untrusted data enables PHP object injection. User input flows into unserialize() via the POST parameter formkit_memory_recovery in RoxPostHandler::getCallbackAction and via the bwRemember memory cookie used by RoxModelB...

PT-2025-43965

Name of the Vulnerable Software and Affected Versions Rox affected versions not specified Description The software contains a PHP object injection issue due to deserialization of untrusted data. User-controlled input, specifically the formkit memory recovery POST parameter in...

Exploit for Prototype Pollution in Salesforce Tough-Cookie

CVE-2023-26136 Fix for tough-cookie 2.5.0 Mission Overview...

SUSE CVE-2024-56719

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 "net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data" moved the assignment of txskbuffdma's members to be later in stmmactsoxmit. The buf dma...

AZL-55297 CVE-2024-56719 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 "net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data" moved the assignment of txskbuffdma's members to be later in stmmactsoxmit. The buf dma...

PT-2024-37031

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description The issue is related to the TSO DMA API usage in the Linux kernel, specifically in the stmmac driver. The problem arises when the assignment of tx skbuff dma members is moved later in stmmac ts...