Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
laravel laravel vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-2870
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-20...
Laravel Laravel
506
VMScore
CVE-2017-16894
In Laravel framework up to and including 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illum...
Laravel Laravel
1 EDB exploit
2 Github repositories
445
VMScore
CVE-2021-21263
Laravel is a web application framework. Versions of Laravel prior to 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a no...
Laravel Laravel
1 Github repository
NA
CVE-2022-2886
A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of t...
Laravel Laravel
691
VMScore
CVE-2018-15133
In Laravel Framework up to and including 5.5.40 and 5.6.x up to and including 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and Pe...
Laravel Laravel
1 EDB exploit
19 Github repositories
1 Article
384
VMScore
CVE-2017-14775
Laravel prior to 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
Laravel Laravel
383
VMScore
CVE-2020-24940
An issue exists in Laravel prior to 6.18.34 and 7.x prior to 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.
Laravel Laravel
383
VMScore
CVE-2020-24941
An issue exists in Laravel prior to 6.18.35 and 7.x prior to 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions.
Laravel Laravel
516
VMScore
CVE-2017-9303
Laravel 5.4.x prior to 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote malicious users to conduct phishing attacks by specifying an attacker-controlled host.
Laravel Laravel 5.4.0
NA
CVE-2021-28254
A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows malicious users to execute arbitrary commands.
Laravel Laravel 8.5.9
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »