CVE-2025-49508 – LoftOcean CozyStay PHP Remote File Inclusion Vulnerability

June 17, 2025

CVE ID : CVE-2025-49508

Published : June 17, 2025, 3:15 p.m. | 2 hours, 59 minutes ago

Description : Improper Control of Filename for Include/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in LoftOcean CozyStay allows PHP Local File Inclusion. This issue affects CozyStay: from n/a through n/a.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49444 – Merkulove Reformer for Elementor Unrestricted File Upload Vulnerability

Next Article CVE-2025-49330 – Bigin Zoho CRM Contact Form 7 Object Injection Vulnerability

Highlights

CVE-2025-3794 – WordPress WPForms Stored Cross-Site Scripting Vulnerability

May 9, 2025

CVE ID : CVE-2025-3794

Published : May 9, 2025, 11:15 p.m. | 1 hour, 3 minutes ago

Description : The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the start_timestamp parameter in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

The biggest rival for Microsoft’s Xbox Ally is Valve’s Steam Deck, not Switch 2, so stop comparing the wrong gaming handhelds

Microsoft Copilot for Power Platform

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

Mastering TypeScript: Your Ultimate Guide to Types, Inference & Compatibility

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

CVE-2025-49508 – LoftOcean CozyStay PHP Remote File Inclusion Vulnerability

Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks

Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group

CVE-2025-47662 – Woobox Stored Cross-site Scripting (XSS)

Training LLM Agents Just Got More Stable: Researchers Introduce StarPO-S and RAGEN to Tackle Multi-Turn Reasoning and Collapse in Reinforcement Learning

Sitemarker is a basic bookmark manager

CVE-2025-36633 – Tenable Agent Local Privilege Escalation

CVE-2025-3794 – WordPress WPForms Stored Cross-Site Scripting Vulnerability

Linux Candy: ricksay – Rick and Morty quotes of the day

Critical AMI BMC Vulnerability: Patch Your ASUS Workstation Now

CVE-2025-42598 – Seiko Epson Printer DLL Hijacking Vulnerability

CVE-2025-49508 – LoftOcean CozyStay PHP Remote File Inclusion Vulnerability

Related Posts