CVE-2025-49508 – LoftOcean CozyStay PHP Remote File Inclusion Vulnerability

June 17, 2025

CVE ID : CVE-2025-49508

Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago

Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in LoftOcean CozyStay allows PHP Local File Inclusion. This issue affects CozyStay: from n/a through n/a.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49444 – Merkulove Reformer for Elementor Unrestricted File Upload Vulnerability

Next Article CVE-2025-49330 – Bigin Zoho CRM Contact Form 7 Object Injection Vulnerability

Highlights

CVE-2024-36486 – Parallels Desktop for Mac Privilege Escalation Vulnerability

June 3, 2025

CVE ID : CVE-2024-36486

Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago

Description : A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

The attack on the npm ecosystem continues

The attack on the npm ecosystem continues

Feature Highlight

SVAR React Core – New UI Library with 20+ Components

Hyprland Made Easy: Preconfigured Beautiful Distros

Hyprland Made Easy: Preconfigured Beautiful Distros

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

CVE-2025-49508 – LoftOcean CozyStay PHP Remote File Inclusion Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-55716 – VeronaLabs WP Statistics Missing Authorization Vulnerability

MongoDB 8.0: Improving Performance, Avoiding Regressions

What is Artificial Intelligence? Everything You Need to Know

Novo is a legal tech startup that helps personal injury law firms automate their most time-consuming tasks using AI.

CVE-2024-36486 – Parallels Desktop for Mac Privilege Escalation Vulnerability

Black Hat USA 2025 CISO Podcast Series: Episode 2 Now Live

U.S. Seizes $7.74M in Crypto Tied to North Korea’s Global Fake IT Worker Network

Here’s how you can still trade in any phone at Verizon to get an iPhone, iPad, and Apple Watch free

CVE-2025-49508 – LoftOcean CozyStay PHP Remote File Inclusion Vulnerability

Related Posts