bewelcome CVE Vulnerabilities & CVE List (1)

Products (CPE): — CVEs: 1

bewelcome vulnerability overview

This page aggregates publicly disclosed CVE and security risk information related to bewelcome, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

Vulnerability distribution trend (last 24 months)

Showing 11 of 1 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-34292 Rox, the software running BeWelcome, contains a PHP object injection vulnerability resulting from deserialization of untrusted data. User-controlled input is passed to PHP's unserialize(): the POST parameter `formkit_memory_recovery` in \\RoxPostHandler::getCallbackAction and the 'memory cookie' read by \\RoxModelBase::getMemoryCookie (bwRemember). (1) If present, `formkit_memory_recovery` is processed and passed to unserialize(), and (2) restore-from-memory functionality calls unserialize() on [email protected] 9.4 0.47% 2025-10-27 2026-06-17
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence