Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
laravel laravel vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-4262
A vulnerability classified as critical was found in laravel-jqgrid. Affected by this vulnerability is the function getRows of the file src/Mgallegos/LaravelJqgrid/Repositories/EloquentRepositoryAbstract.php. The manipulation leads to sql injection. The name of the patch is fbc2d9...
Laravel Jqgrid Project Laravel Jqgrid
7.2
CVSSv3
CVE-2023-24249
An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows malicious users to execute arbitrary code via a crafted PHP file.
Laravel-admin Laravel-admin 1.8.19
4.8
CVSSv3
CVE-2019-17433
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.
Laravel-admin Laravel-admin 1.7.3
6.1
CVSSv3
CVE-2019-17494
laravel-bjyblog 6.1.1 has XSS via a crafted URL.
Laravel-bjyblog Project Laravel-bjyblog 6.1.1
7.5
CVSSv3
CVE-2018-8947
rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding for l, dl, and del requests, which makes it easier for remote malicious users to bypass intended access restrictions, as demonstrated by reading arbitrary files via a dl request.
Laravel Log Viewer Project Laravel Log Viewer
1 EDB exploit
8.1
CVSSv3
CVE-2022-25838
Laravel Fortify prior to 1.11.1 allows reuse within a short time window, thus calling into question the "OT" part of the "TOTP" concept.
Laravel Fortify
8.8
CVSSv3
CVE-2020-19316
OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework prior to 5.8.17.
Laravel Framework
8.8
CVSSv3
CVE-2024-22859
Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote malicious users to execute arbitrary code getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate clie...
Laravel Livewire
5.3
CVSSv3
CVE-2022-40482
The authentication method in Laravel 8.x up to and including 9.x prior to 9.32.0 exists to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\Sessi...
Laravel Framework
6.1
CVSSv3
CVE-2021-43808
Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser d...
Laravel Framework
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »