Vulmon
laravel vulnerabilities and exploits
NA
CVE-2022-34943
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
NA
CVE-2021-37298
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
7.3
CVSSv3
CVE-2021-21979
In Bitnami Containers, all Laravel container versions prior to: 6.20.0-debian-10-r107 for Laravel 6, 7.30.1-debian-10-r108 for Laravel 7 and 8.5.11-debian-10-r0 for Laravel 8, the file /tmp/app/.env is generated at the time that the docker image bitnami/laravel was built, and the...
Bitnami Containers 8.5.4-debian-10-r1
Bitnami Containers 8.5.2-debian-10-r1
Bitnami Containers
Bitnami Containers 6.19.0-debian-10-r0
Bitnami Containers 7.29.0-debian-10-r0
Bitnami Containers 7.30.0-debian-10-r0
Bitnami Containers 8.3.0-debian-10-r0
Bitnami Containers 8.5.2-debian-10-r0
Bitnami Containers 8.5.3-debian-10-r0
Bitnami Containers 8.5.4-debian-10-r0
1 GitHub repository
9.8
CVSSv3
CVE-2021-3129
Ignition prior to 2.5.2, as used in Laravel and other products, allows unauthenticated remote malicious users to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel prior to 8....
Facade Ignition
44 GitHub repositories
1 Article
6.1
CVSSv3
CVE-2019-15489
laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS.
Laracom Laracom 1.4.11
9.8
CVSSv3
CVE-2023-29931
laravel-s 3.7.35 is vulnerable to Local File Inclusion via /src/Illuminate/Laravel.php.
Laravels Project Laravels 3.7.35
8.1
CVSSv3
CVE-2021-36804
Akaunting version 2.1.12 and previous versions suffer from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in versio...
Akaunting Akaunting
9.8
CVSSv3
CVE-2020-23790
An Arbitrary File Upload vulnerability exists in the Golo Laravel theme v 1.1.5.
Uxper Golo 1.1.5
6.1
CVSSv3
CVE-2018-20962
The Backpack\CRUD Backpack component prior to 3.4.9 for Laravel allows XSS via the select field type.
Backpackforlaravel Backpack\crud
9.8
CVSSv3
CVE-2021-43996
The Ignition component prior to 1.16.15, and 2.0.x prior to 2.0.6, for Laravel has a "fix variable names" feature that can lead to incorrect access control.
Facade Ignition