Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
laravel vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2021-41126
October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2...
Octobercms October
5.4
CVSSv3
CVE-2021-37330
Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javascript. Now if another user/admin views the profile and clicks to view his avatar,...
Bookingcore Booking Core 2.0
5.3
CVSSv3
CVE-2021-37331
Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the Verifications page, after uploading an ID Card or Trade License and viewing it, ID Cards and Trade Licenses of other vendors/users can be viewed by changing the URL.
Bookingcore Booking Core 2.0
9.8
CVSSv3
CVE-2021-37333
Laravel Booking System Booking Core 2.0 is vulnerable to Session Management. A password change at sandbox.bookingcore.org/user/profile/change-password does not invalidate a session that is opened in a different browser.
Bookingcore Booking Core 2.0
7.2
CVSSv3
CVE-2021-32831
Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values le...
Totaljs Total.js
9.1
CVSSv3
CVE-2021-32648
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and...
Octobercms October
4 Github repositories
7.4
CVSSv3
CVE-2021-29487
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by u...
Octobercms October
1 Github repository
8.1
CVSSv3
CVE-2021-36804
Akaunting version 2.1.12 and previous versions suffers from a password reset spoofing vulnerability, wherein an attacker can proxy password reset requests through a running Akaunting instance, if that attacker knows the target's e-mail address. This issue was fixed in versio...
Akaunting Akaunting
6.1
CVSSv3
CVE-2021-32645
Tenancy multi-tenant is an open source multi-domain controller for the Laravel web framework. In some situations, it is possible to have open redirects where users can be redirected from your site to any other site using a specially crafted URL. This is only the case for installa...
Tenancy Multi-tenant
9.8
CVSSv3
CVE-2020-23790
An Arbitrary File Upload vulnerability exists in the Golo Laravel theme v 1.1.5.
Uxper Golo 1.1.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »