laravel laravel vulnerabilities and exploits
NA
CVE-2022-40734
UniSharp laravel-filemanager (aka Laravel Filemanager) prior to 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem prior to 2.0.0.
Unisharp Laravel Filemanager
NA
CVE-2022-38089
Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) allow...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2022-37333
SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) allows remote a...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2022-38080
Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and previous versions and exceedone/laravel-admin v3.0.0 and previous versions, (PHP7) exceedone/exment v4.4.2 and previous versions and exceedone/laravel-admin v2.2.2 and previous versions) al...
Exceedone Exment
Exceedone Laravel-admin
NA
CVE-2022-2886
A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of t...
Laravel Laravel
NA
CVE-2022-2870
A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-20...
Laravel Laravel
NA
CVE-2022-34943
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
605
VMScore
CVE-2022-24800
October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the `fromData` method, an unauthenticated user ca...
Octobercms October
383
VMScore
CVE-2022-24784
Statamic is a Laravel and Git powered CMS. Prior to 3.2.39 and 3.3.2, it is possible to confirm a single character of a user's password hash using a specially crafted regular expression filter in the users endpoint of the REST API. Multiple such requests can eventually uncov...
Statamic Statamic
890
VMScore
CVE-2021-45040
The Spatie media-library-pro library up to and including 1.17.10 and 2.x up to and including 2.1.6 for Laravel allows remote malicious users to upload executable files via the uploads route.
Spatie Laravel Media Library