Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

LoftOcean — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting LoftOcean. AI-powered Chinese analysis, POCs, and references for each vulnerability.

LoftOcean develops cloud-native application security solutions focused on protecting containerized environments and DevOps pipelines. Historically, their products have been associated with vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws. The company has recorded 8 CVEs to date, with several critical issues allowing unauthorized access or system compromise. Notable security characteristics include their integration with popular DevOps tools and their emphasis on runtime protection. While no major public security incidents have been documented, the consistent appearance of vulnerabilities in their software highlights the ongoing challenges in securing complex cloud-native architectures.

Top products by LoftOcean: CozyStay CozyStay - Hotel Booking WordPress Theme PatioTime TinySalt
CVE IDTitleCVSSSeverityPublished
CVE-2025-67995 WordPress PatioTime theme < 2.1 - PHP Object Injection vulnerability — PatioTimeCWE-502 9.8 Critical2026-02-20
CVE-2025-67992 WordPress PatioTime theme < 2.1 - Local File Inclusion vulnerability — PatioTimeCWE-98 8.1 High2026-02-20
CVE-2025-67988 WordPress CozyStay theme < 1.9.1 - Local File Inclusion vulnerability — CozyStayCWE-98 8.1 High2026-02-20
CVE-2025-49508 WordPress CozyStay theme < 1.7.1 - Local File Inclusion vulnerability — CozyStayCWE-98 8.1 High2025-06-17
CVE-2025-49454 WordPress TinySalt theme < 3.10.0 - Local File Inclusion vulnerability — TinySaltCWE-98 8.1 High2025-06-10
CVE-2025-49507 WordPress CozyStay theme < 1.7.1 - PHP Object Injection vulnerability — CozyStayCWE-502 9.8 Critical2025-06-10
CVE-2024-13412 CozyStay <= 1.7.0 - Missing Authorization to Arbitrary Action Execution in ajax_handler — CozyStay - Hotel Booking WordPress ThemeCWE-862 7.5 High2025-03-19
CVE-2024-13410 CozyStay <= 1.7.0 and TinySalt <= 3.9.0 - Unauthenticated PHP Object Injection in ajax_handler — CozyStay - Hotel Booking WordPress ThemeCWE-502 9.8 Critical2025-03-19

This page lists every published CVE security advisory associated with LoftOcean. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.