Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
laravel laravel vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2019-17433
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.
Laravel-admin Laravel-admin 1.7.3
NA
CVE-2023-24249
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows malicious users to execute arbitrary code via a crafted PHP file.
Laravel-admin Laravel-admin 1.8.19
NA
CVE-2021-4262
A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d9...
Laravel Jqgrid Project Laravel Jqgrid
383
VMScore
CVE-2019-17494
laravel-bjyblog 6.1.1 has XSS via a crafted URL.
Laravel-bjyblog Project Laravel-bjyblog 6.1.1
505
VMScore
CVE-2018-8947
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote malicious users to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
Laravel Log Viewer Project Laravel Log Viewer
1 EDB exploit
NA
CVE-2024-22859
Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote malicious users to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate clie...
Laravel Livewire
668
VMScore
CVE-2021-43617
Laravel Framework up to and including 8.70.2 does not sufficiently block the upload of executable PHP content because Illuminate/Validation/Concerns/ValidatesAttributes.php lacks a check for .phar files, which are handled as application/x-httpd-php on systems based on Debian. NOT...
Laravel Framework
1 Github repository
383
VMScore
CVE-2021-43808
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser d...
Laravel Framework
1 Github repository
NA
CVE-2022-40482
The authentication method in Laravel 8.x up to and including 9.x prior to 9.32.0 exists to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\Sessi...
Laravel Framework
605
VMScore
CVE-2020-19316
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework prior to 5.8.17.
Laravel Framework
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »