Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
laravel laravel vulnerabilities and exploits
(subscribe to this query)
5.9
CVSSv3
CVE-2017-14775
Laravel prior to 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.
Laravel Laravel
7.5
CVSSv3
CVE-2020-24940
An issue exists in Laravel prior to 6.18.34 and 7.x prior to 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment.
Laravel Laravel
7.5
CVSSv3
CVE-2020-24941
An issue exists in Laravel prior to 6.18.35 and 7.x prior to 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions.
Laravel Laravel
8.1
CVSSv3
CVE-2018-15133
In Laravel Framework up to and including 5.5.40 and 5.6.x up to and including 5.6.29, remote code execution might occur as a result of an unserialize call on a potentially untrusted X-XSRF-TOKEN value. This involves the decrypt method in Illuminate/Encryption/Encrypter.php and Pe...
Laravel Laravel
1 EDB exploit
20 Github repositories
1 Article
7.5
CVSSv3
CVE-2017-16894
In Laravel framework up to and including 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illum...
Laravel Laravel
1 EDB exploit
2 Github repositories
5.3
CVSSv3
CVE-2021-21263
Laravel is a web application framework. Versions of Laravel prior to 6.20.11, 7.30.2 and 8.22.1 contain a query binding exploitation. This same exploit applies to the illuminate/database package which is used by Laravel. If a request is crafted where a field that is normally a no...
Laravel Laravel
1 Github repository
8.8
CVSSv3
CVE-2022-2886
A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of t...
Laravel Laravel
9.8
CVSSv3
CVE-2022-2870
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-20...
Laravel Laravel
9.8
CVSSv3
CVE-2021-28254
A deserialization vulnerability in the destruct() function of Laravel v8.5.9 allows malicious users to execute arbitrary commands.
Laravel Laravel 8.5.9
6.1
CVSSv3
CVE-2017-9303
Laravel 5.4.x prior to 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote malicious users to conduct phishing attacks by specifying an attacker-controlled host.
Laravel Laravel 5.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »