Loftocean Cozystay
3 CVEs affecting Loftocean Cozystay. Latest disclosed: 2026-02-20. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-49507 | Critical | 9.8 | 2025-06-10 | Deserialization of Untrusted Data vulnerability in LoftOcean CozyStay cozystay allows Object Injection.This issue affects CozyStay: from n/a through < 1.7.1. |
CVE-2025-67988 | High | 8.1 | 2026-02-20 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP… |
CVE-2025-49508 | High | 8.1 | 2025-06-17 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean CozyStay cozystay allows PHP… |